limiting number of requests of a single host

G.W. Haywood bind at
Fri Jun 15 15:46:07 UTC 2012

Hi there,

On Fri, 15 Jun 2012, Holemans Wim wrote:

> ... Once or twice a day a DNS burst (20K requests/15sec) kills all
> connections on the firewall.

Have you disabled firewall connection tracking for DNS requests?

> We have 6 dns servers (bind) on our campus, that are all
> authoritative for our domains and also resolver for our campus
> hosts.  Most of our clients however use our AD/LDAP/DNS Microsoft
> servers as their resolver, which on their turn contact our 6 dns
> servers for further resolving.

Could you simply run BIND resolvers for your clients and as far as
possible avoid using the Microsoft services?

> Two, has anyone already seen this type of behavior on a Microsoft
> AD/LDAP/DNS server and has a clue what could cause this stalling?

Yes, I've seen it.  I suspect dropped packets might be the cause, but
I have no hard evidence.  My solution was to use BIND instead. :)
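The connection-tracking exemption suggested above, plus a rough check of whether a burst like the one described would fill the conntrack table, as an added example that is not part of the original thread. It assumes a Linux firewall running iptables with the raw table and the CT target; the function names are our own, and rules are only printed unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the thread): exempt port-53 traffic from
# Linux connection tracking so a DNS burst cannot exhaust the table.
set -eu

# Print (or, with APPLY=1, execute) the rules. The raw table is hit
# before tracking, so CT --notrack stops entries being created; the
# filter rules are needed because untracked packets never match
# ESTABLISHED,RELATED and a stateful default policy would drop them.
dns_notrack_rules() {
    ipt="echo iptables"
    if [ "${APPLY:-0}" = "1" ]; then ipt="iptables"; fi
    for chain in PREROUTING OUTPUT; do
        $ipt -t raw -A "$chain" -p udp --dport 53 -j CT --notrack
        $ipt -t raw -A "$chain" -p udp --sport 53 -j CT --notrack
    done
    for chain in INPUT FORWARD OUTPUT; do
        $ipt -A "$chain" -p udp --dport 53 -m conntrack --ctstate UNTRACKED -j ACCEPT
        $ipt -A "$chain" -p udp --sport 53 -m conntrack --ctstate UNTRACKED -j ACCEPT
    done
}

# Entries a burst leaves live at once: each query is a fresh UDP flow
# whose entry survives for the UDP timeout, so a burst shorter than
# the timeout is entirely resident.  Args: burst window_s timeout_s
burst_peak_entries() {
    if [ "$2" -le "$3" ]; then
        echo "$1"
    else
        echo $(( $1 * $3 / $2 ))
    fi
}

# Exit 0 if the table has room for the burst, 1 if it would fill.
# Args: burst window_s timeout_s conntrack_max current_count
burst_fits() {
    peak=$(burst_peak_entries "$1" "$2" "$3")
    [ $(( $5 + peak )) -le "$4" ]
}

# Live check using the thread's 20K-requests-in-15s figure.
nf=/proc/sys/net/netfilter
if [ -r $nf/nf_conntrack_max ] && [ -r $nf/nf_conntrack_count ] \
   && [ -r $nf/nf_conntrack_udp_timeout ]; then
    burst_fits 20000 15 "$(cat $nf/nf_conntrack_udp_timeout)" \
        "$(cat $nf/nf_conntrack_max)" "$(cat $nf/nf_conntrack_count)" \
        || echo "WARNING: a 20K/15s DNS burst would fill the conntrack table"
fi
```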
