Weird performance issue.

Fr34k freaknetboy at yahoo.com
Wed Aug 20 17:03:18 UTC 2008


Is your firewall set to arp for different MAC addresses?
If so, was that updated to reflect the changes you are trying to make?
I did Checkpoint in a former life, and I can remember defining static arp entries for some of the NAT setup we had.
Is is all I can think of or remember.
HTH



----- Original Message ----
From: Cedric Lejeune <cedric.lejeune at arcelormittal.com>
To: bind-users at isc.org
Sent: Wednesday, August 20, 2008 10:08:40 AM
Subject: Weird performance issue.

Hello list,
We currently running two instances of bind9, each one on a different 
host. Both hosts have their own IP address and basic tests work perfectly:
- ping of external server(s) work fine (FQDN and IP address)
- host resolution works fine
- named processes number is quite low (~16)

The problem occurs when we try to move IP address from master server to 
slave server:
- ping of external server(s) failed (FQDN and IP address)
- host resolution take a huge time to complete or do not complete at all 
(timeout)
- processes number increases significantly (~1000, which seems to 
correspond to recursive-clients default value)

We have taken care of everything we can think of:
- bind9 configuration
- network configuration
- arp resolution
- firewall configuration (although being a CheckPoint firewall, Smart 
Defense does not seem to cause any issue since only logging is 
activated, cf 
http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/cfa8c63ec6bd08d6 
. Firewall log does not show anything weird too.)

Log do not show anything relevant to me, except the well known "too many 
timeouts resolving 'ns2.highergroundtech.com/AAAA' (in 
'highergroundtech.com'?): disabling EDNS" message.

We currently running BIND9 on Linux Debian:
- the one running perfectly is a quite outdated 9.2.1-2.woody.1 package
- the one causing problem is a quite up to date 1:9.5.0.dfsg.P1-2 package

Configuration files have only been updated to reflect releases changes.

Do you have any hint or advice so I can at least look at where the issue 
comes from and then try to solve it?

Thanks for your help,

Kind regards,

cedric.


More information about the bind-users mailing list