blrmaani at gmail.com
Tue Aug 16 01:22:31 UTC 2016
I inherited a DNS server which is running BIND 9.8.x. There was a DNS incident where our customers complained that they saw query timeouts intermittently (our customers run cassandra/hadoop applications and send the same queries repeatedly). They also run nscd on their hosts, but I was told all have the same TTL value of 3600, indicating that all names expire at the same time on thousands of client hosts.
I tried to reproduce the issue by sending hostname.bind queries and I see logs similar to the ones below:
<time> <client-hostname> named[<pid>]: limit responses to <subnet> for hostname.bind CH TXT <hex-number>
<time> <client-hostname> named[<pid>]: *stop limiting responses to <subnet> for hostname.bind CH TXT <hex-number>
I reviewed /etc/named.conf and do not see a 'rate-limit' configuration. I am confused because the BIND ARM says rate-limit is disabled by default, but the logs indicate otherwise.
(I did "grep rate /etc/*" and didn't see anything. There are no includes in named.conf.)
Please advise on how I can disable rate-limit on my DNS server.
I did a strings on the 'named' binary and see this:
strings /usr/sbin/named | egrep -i rrl
What else do I need to check to identify if RRL is enabled?
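A small log-parsing example, added here and not part of the original post or of BIND itself, that pulls the two RRL messages quoted above ("limit responses to ..." and "*stop limiting responses to ...") out of syslog and counts limit/stop events per subnet and query name. The sample lines are constructed to match the shape the post quotes (the trailing hex value in parentheses is made up); the field layout is an assumption about how the poster's syslog formats named's output. Running it over the real named log will tell you which client subnets are being limited and how often, which is the evidence to compare against the loaded configuration (`named-checkconf -p` prints the configuration named actually loaded, including any rate-limit block inside an options or view statement).

```python
import re
from collections import defaultdict

# Constructed sample syslog lines in the shape the post quotes (not real data).
SAMPLE_LOG = """\
Aug 15 23:10:01 ns1 named[1234]: limit responses to 10.1.2.0/24 for hostname.bind CH TXT  (4a2b1c0d)
Aug 15 23:10:31 ns1 named[1234]: *stop limiting responses to 10.1.2.0/24 for hostname.bind CH TXT  (4a2b1c0d)
Aug 15 23:10:40 ns1 named[1234]: limit responses to 10.1.3.0/24 for hostname.bind CH TXT  (4a2b1c0d)
Aug 15 23:11:02 ns1 named[1234]: client 10.1.2.7#53412: query: hostname.bind CH TXT (10.1.2.7)
Aug 15 23:11:10 ns1 named[1234]: limit responses to 10.1.2.0/24 for hostname.bind CH TXT  (4a2b1c0d)
"""

# Matches the two RRL messages quoted in the post; assumed field layout
# "<subnet> for <qname> <class> <type>". Anything else is ignored.
RRL_RE = re.compile(
    r"named\[\d+\]:\s+(?P<event>\*stop limiting|limit) responses to "
    r"(?P<subnet>\S+) for (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)


def parse_rrl_events(text):
    """Return (kind, subnet, qname, qclass, qtype) for each RRL log line.

    kind is "limit" when named logged that it started limiting answers to
    the subnet and "stop" when it logged that limiting ended.
    """
    events = []
    for line in text.splitlines():
        m = RRL_RE.search(line)
        if m is None:
            continue
        kind = "stop" if m.group("event").startswith("*stop") else "limit"
        events.append((kind, m.group("subnet"), m.group("qname"),
                       m.group("qclass"), m.group("qtype")))
    return events


def summarize(events):
    """Count limit and stop events per (subnet, qname, qtype)."""
    counts = defaultdict(lambda: {"limit": 0, "stop": 0})
    for kind, subnet, qname, _qclass, qtype in events:
        counts[(subnet, qname, qtype)][kind] += 1
    return dict(counts)


def rrl_seen(text):
    """True if the log contains at least one RRL "limit responses" message."""
    return any(kind == "limit" for kind, *_ in parse_rrl_events(text))


if __name__ == "__main__":
    # Usage: python rrl_log.py < /var/log/messages, or run as-is on the sample.
    for key, c in sorted(summarize(parse_rrl_events(SAMPLE_LOG)).items()):
        print(key, c)
```

The per-subnet counts are what to line up against the configuration: a subnet that keeps appearing in "limit responses" lines is being treated as one source by the configured ipv4-prefix-length, so the thousands of nscd clients sharing a /24 and expiring the same 3600-second TTL together look like a single noisy client to RRL.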