Frequent timeout

Alex mysqlstudent at gmail.com
Thu Sep 6 22:42:23 UTC 2018


On Thu, Sep 6, 2018 at 5:56 PM John W. Blue <john.blue at rrcic.com> wrote:
>
> So that file is full of nothing but queries and no responses which, sadly, is useless.
>
> Run:
>
> tcpdump -s0 -n -i eth0 port domain -w /tmp/domaincapture.pcap
>
> You don't need all of the extra stuff because -s0 captures the full packet.

This is the command I ran to produce the pcap file I sent:

# tcpdump -s0 -vv -i eth0 -nn -w domain-capture-eth0-090518.pcap udp
dst port domain

I have a few other pcap files here. Can you tell me the query you ran
in wireshark to search for the SERVFAIL packets? Perhaps I can find
them here. I have another that I just realized was running for quite a
while and has grown to 1.5GB until I just stopped it. I also have
another that was run with "-i any", but it's also quite large.

I'd otherwise probably have to wait until tomorrow to run it again, as
it appears to happen during periods of high traffic.

I should also mention that, while eth0 is the physical device, there
is a bridge set up to support virtual machines (none of which were
active). Hopefully that's not the reason! (real IP obscured).

br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 68.195.XXX.45  netmask 255.255.255.248  broadcast 68.195.XXX.47
        inet6 fe80::16da:e9ff:fe97:ab71  prefixlen 64  scopeid 0x20<link>
        inet6 ::16da:e9ff:fe97:ab71  prefixlen 64  scopeid 0x0<global>
        ether 14:da:e9:97:ab:71  txqueuelen 1000  (Ethernet)
        RX packets 54953236  bytes 45182800578 (42.0 GiB)
        RX errors 0  dropped 231612  overruns 0  frame 0
        TX packets 68345276  bytes 33687959055 (31.3 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::16da:e9ff:fe97:ab71  prefixlen 64  scopeid 0x20<link>
        ether 14:da:e9:97:ab:71  txqueuelen 1000  (Ethernet)
        RX packets 61078845  bytes 46596159121 (43.3 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 68733541  bytes 34028363069 (31.6 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 16  memory 0xdf200000-df220000

Thanks,
Alex


>
> John
>
> -----Original Message-----
> From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Alex
> Sent: Thursday, September 06, 2018 2:54 PM
> To: bind-users at lists.isc.org
> Subject: Re: Frequent timeout
>
> On Thu, Sep 6, 2018 at 3:05 PM John W. Blue <john.blue at rrcic.com> wrote:
> >
> > Alex,
> >
> > Have you uploaded this pcap with the SERVFAIL's?  I didn't have time to look at your first upload but can review this one.
>
> Thanks very much. I've uploaded the pcap file here. It's about ~100MB compressed, and represents about 4hrs of data, I believe.
> https://drive.google.com/file/d/1KUpDoQ2zuz5ITeKuO0BhlK7JvWSUAG3B/view?usp=sharing
>
> Thanks,
> Alex
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users


More information about the bind-users mailing list