Querying locally on a nameserver - odd behavior
blrmaani
blrmaani at gmail.com
Wed Sep 21 11:21:00 UTC 2016
On Wednesday, September 21, 2016 at 1:04:50 AM UTC-7, Matus UHLAR - fantomas wrote:
> On 20.09.16 20:27, blrmaani wrote:
> >I have a DNS server (which is both forwarder and authoritative NS) and I see this odd behavior locally on the host:
> >
> >dig @localhost <name> # returns immediately with right response
> >
> >dig @<host-local-ip-on-eth0> <name> # returns sometimes, times out most of the time
> >
> >
> >I have allow-query {any;} in BIND config and the <name> above is local on the host (obtained via slaving). The listen-on is set to 'any' on port-53
> >
> >What am I missing? Why this odd behavior?
>
> a firewall probably?
>
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Warning: I do NOT wish to receive any advertising mail at this address.
> Atheism is a non-prophet organization.
I checked for a firewall and didn't find any locally on the host (no tcpwrapper enabled). Also, during this behavior, I saw lots of UDP packet loss on the host:
netstat -s | egrep -A4 "Udp:"
...
..
I tried similar local queries when traffic reduced (and when UDP pkt loss was zero) and both local queries succeeded.
Still struggling to identify the root cause.
PS: There were several NXDOMAIN queries (around 95%) sent to this DNS server during peak hours and NXDOMAIN reduced after business hours.
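
Added example, not part of the original post: a way to turn the `netstat -s` check above into a before/after comparison, so the UDP counters that grow during a timeout window can be read directly. It assumes a Linux host exposing `/proc/net/snmp`; the function names `udp_counters`, `udp_delta` and `demo` are hypothetical, and the counter values in `demo` are constructed.

```bash
#!/bin/sh
# Added example: diff two snapshots of the kernel UDP counters, the same
# data that `netstat -s | egrep -A4 "Udp:"` summarises.
# Live use (assumes Linux):
#   cat /proc/net/snmp > before; sleep 60; cat /proc/net/snmp > after
#   udp_delta before after

# Print "name value" pairs from the Udp: rows of a /proc/net/snmp-format
# file. The first Udp: row holds the names, the second holds the values.
udp_counters() {
    awk '$1 == "Udp:" {
             if (!seen) { for (i = 2; i <= NF; i++) name[i] = $i; seen = 1 }
             else       { for (i = 2; i <= NF; i++) print name[i], $i }
         }' "${1:-/proc/net/snmp}"
}

# Print "name delta" for every UDP counter that changed between two
# snapshot files, in the order the kernel lists them.
udp_delta() {
    { udp_counters "$1" | sed 's/^/a /'; udp_counters "$2" | sed 's/^/b /'; } |
    awk '$1 == "a" { before[$2] = $3; next }
         $1 == "b" && ($3 - before[$2]) != 0 { print $2, $3 - before[$2] }'
}

# Constructed sample snapshots (not taken from the poster's host).
demo() {
    dir=$(mktemp -d)
    hdr='Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti'
    printf '%s\n' "$hdr" 'Udp: 1000 5 20 900 20 0 0 0'    > "$dir/before"
    printf '%s\n' "$hdr" 'Udp: 1800 5 320 1500 300 0 0 0' > "$dir/after"
    udp_delta "$dir/before" "$dir/after"
    rm -rf "$dir"
}

demo
```

In the constructed sample, `InErrors` and `RcvbufErrors` are the counters that grow alongside `InDatagrams`; on a real host, run `dig` against both addresses inside the same window so the deltas line up with the timeouts.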