Bind + pf

Ytzhak Levy ytzhak at
Thu Mar 31 13:52:24 UTC 2005

Hello Guys,

We have a primary and a secondary nameservers.

The primary is on a Windows 2003 (not because of me), the secondary is a BIND 9.3 on a FreeBSD 5.3 STABLE.

The primary nameserver doesn't work very well (Windows...) and sometimes has a huge response time to queries (about 3 or 4 seconds).

The secondary nameserver has a good response time to queries (to the outside as well) but sometimes, without apparent reason, stops. Also I noticed, after tcpdumping, that the primary nameserver sends a lot of UDP packets, which causes high CPU usage by the bind process (about 50 to 70%).
The packets are DNS queries, but the traffic is *very* high. As if the primary nameserver doesn't respond to any query.

The firewall (pf, on an OpenBSD) permits all traffic from any port from the nameservers to port 53 on any host on the outside. It also permits from any port on the outside to port 53 on the nameservers. There are only these 2 rules about the nameservers and the outside world. I think that is enough.

The secondary nameserver was placed on another link with a valid IP address, only being a resolver, and runs fine.

My questions:

1 - does Windows DNS have an interaction problem with BIND?
2 - did I forget some additional rule about the name servers in pf.conf?
3 - is this much traffic between the primary and secondary nameserver normal?

thanks in advance
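The two firewall rules described in the post, written out in pf.conf syntax as an added example (not from the original message or from the poster's configuration); the interface name and nameserver addresses are placeholders:

```pf
# Added example, not the poster's pf.conf. Interface and addresses are placeholders.
ext_if = "em0"
nameservers = "{ 192.0.2.10, 192.0.2.11 }"   # primary and secondary (placeholder addresses)

# Rule 1: queries from the nameservers to the outside world (any source port -> 53).
# "keep state" is what lets the answers back in: a reply comes from the remote
# host's port 53 to the ephemeral source port the nameserver used, so a stateless
# rule set that only allows traffic "to port 53" would never match that return packet.
pass out on $ext_if proto { tcp, udp } from $nameservers to any port 53 keep state

# Rule 2: queries from the outside world to the nameservers (any source port -> 53).
# TCP is included alongside UDP because answers larger than 512 bytes are retried
# over TCP, and zone transfers between primary and secondary also run over TCP 53.
pass in on $ext_if proto { tcp, udp } from any to $nameservers port 53 keep state
```

With "keep state" on both rules, pfctl -s state shows one entry per outstanding query, which is a quick way to see whether the UDP flood the post describes is made up of queries that never get an answer.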
