If so, what do the upstream NS servers say your NS servers are for your domain? When you do a dig, what does the output show?

Or are you just trying to point your local users to use the newer 9.5.0.dfsg.P1-2 package box?

>>> Cedric Lejeune <[EMAIL PROTECTED]> 08/21/08 5:21 AM >>>

Unfortunately, MAC addresses are not 'hardcoded' in our firewall, at least not those regarding DNS servers.

One thing I have forgotten in my previous post is that our mail router _is_ currently running pretty fine using the new server. But as soon as we switch IP address, everything goes wrong =/

Thanks for your help.

Kind regards,

cedric.

Fr34k wrote:
> Is your firewall set to arp for different MAC addresses?
> If so, was that updated to reflect the changes you are trying to make?
> I did Checkpoint in a former life, and I can remember defining static arp
> entries for some of the NAT setup we had.
> This is all I can think of or remember.
> HTH
>
> ----- Original Message ----
> From: Cedric Lejeune <[EMAIL PROTECTED]>
> To: [email protected]
> Sent: Wednesday, August 20, 2008 10:08:40 AM
> Subject: Weird performance issue.
>
> Hello list,
>
> We are currently running two instances of bind9, each one on a different
> host. Both hosts have their own IP address and basic tests work perfectly:
> - ping of external server(s) works fine (FQDN and IP address)
> - host resolution works fine
> - named processes number is quite low (~16)
>
> The problem occurs when we try to move IP address from master server to
> slave server:
> - ping of external server(s) failed (FQDN and IP address)
> - host resolution takes a huge time to complete or does not complete at all
>   (timeout)
> - processes number increases significantly (~1000, which seems to
>   correspond to recursive-clients default value)
>
> We have taken care of everything we can think of:
> - bind9 configuration
> - network configuration
> - arp resolution
> - firewall configuration (although being a CheckPoint firewall, Smart
>   Defense does not seem to cause any issue since only logging is
>   activated, cf
>   http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/cfa8c63ec6bd08d6
>   . Firewall log does not show anything weird either.)
>
> Logs do not show anything relevant to me, except the well known "too many
> timeouts resolving 'ns2.highergroundtech.com/AAAA' (in
> 'highergroundtech.com'?): disabling EDNS" message.
>
> We are currently running BIND9 on Linux Debian:
> - the one running perfectly is a quite outdated 9.2.1-2.woody.1 package
> - the one causing problem is a quite up to date 1:9.5.0.dfsg.P1-2 package
>
> Configuration files have only been updated to reflect release changes.
>
> Do you have any hint or advice so I can at least look at where the issue
> comes from and then try to solve it?
>
> Thanks for your help,
>
> Kind regards,
>
> cedric.
