Hi there,

On Fri, 15 Jun 2012, Holemans Wim wrote:

> ... Once or twice a day a DNS burst (20K requests/15sec) kills all connections on the firewall.

Have you disabled firewall connection tracking for DNS requests?

> We have 6 DNS servers (BIND) on our campus, that are all authoritative for our domains and also resolvers for our campus hosts. Most of our clients however use our AD/LDAP/DNS Microsoft servers as their resolver, which in turn contact our 6 DNS servers for further resolving.

Could you simply run BIND resolvers for your clients and as far as possible avoid using the Microsoft services?

> Two, has anyone already seen this type of behavior on a Microsoft AD/LDAP/DNS server and has a clue what could cause this stalling?

Yes, I've seen it. I suspect dropped packets might be the cause, but I have no hard evidence. My solution was to use BIND instead. :)

--
73,
Ged.