On 15/06/12 16:37, Holemans Wim wrote:
>
> Wim Holemans
> Netwerkdienst Universiteit Antwerpen
> Network Services University of Antwerp
>
>
> One of the problems is that these firewalls are going to be replaced soon and
> we don't want to spend too much effort in trying to fix what seems an annoying
> side-effect of something caused by a DNS system.
> We actually captured dns traffic around our AD server and there we see an
> average of 500 dns packets/5s in/out in normal conditions, this drops to
> about 100 for 20 seconds and then rises to 2000 dns packets/5sec causing our
> resolving servers to send a multiple amount of requests to the outside world
> killing the firewall.

One thing that comes to mind is: have you traced outside the firewall with
e.g. wireshark and looked at what precedes the burst? I am thinking maybe the
firewall makes a stop in the packet flow that will then trigger the flood?
Possibly caused by some table in the firewall being overflowed, maybe even
with unrelated traffic.

In this case, only one solution is possible.

> We now changed the settings on the AD server to only use 2 of the resolving
> servers (which have a max recursive clients implemented) and checked the box,
> saying that the AD server could do its own lookups if the forwarders are not
> available.
>

-- 
Best regards

Sten Carlsen

No improvements come from shouting:

"MALE BOVINE MANURE!!!"
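As an added example (not code from either poster), a small Python script that checks a DNS packet capture for the dip-then-burst pattern Wim describes: packets per 5 s window falling well below the normal rate and then jumping to several times it. The timestamps are constructed in-code to mirror the quoted figures (500, 100, 2000 packets per 5 s); feeding it a real tshark frame.time_epoch export taken outside the firewall, as Sten suggests, is an assumption, as are the dip and burst ratios.

```python
from collections import Counter
from statistics import median

WINDOW = 5.0  # seconds; matches the "packets/5s" figures quoted in the thread


def bucket_counts(timestamps, window=WINDOW):
    """Count packets per fixed window; returns [(window_start, count), ...]."""
    if not timestamps:
        return []
    start = min(timestamps)
    counts = Counter(int((t - start) // window) for t in timestamps)
    return [(start + i * window, counts.get(i, 0)) for i in range(max(counts) + 1)]


def baseline_rate(counts):
    """Median window count: robust against the dip and burst windows themselves."""
    return median(c for _, c in counts)


def find_dip_then_burst(counts, baseline, dip_ratio=0.4, burst_ratio=3.0, min_dip=2):
    """Find runs of >= min_dip windows below dip_ratio*baseline that are followed
    directly by a window above burst_ratio*baseline. Returns (dip_start, burst_start)."""
    events, i, n = [], 0, len(counts)
    while i < n:
        if counts[i][1] >= dip_ratio * baseline:
            i += 1
            continue
        j = i
        while j < n and counts[j][1] < dip_ratio * baseline:
            j += 1  # extend the dip run
        if j - i >= min_dip and j < n and counts[j][1] > burst_ratio * baseline:
            events.append((counts[i][0], counts[j][0]))
        i = j
    return events


def synth_capture():
    """Constructed timestamps mirroring the thread: 60 s at 500/5s, 20 s at 100/5s,
    then 10 s at 2000/5s. Stands in for a tshark frame.time_epoch export (assumed)."""
    ts, t = [], 0.0
    for rate in [500] * 12 + [100] * 4 + [2000] * 2:
        ts.extend(t + k * (WINDOW / rate) for k in range(rate))  # spread evenly
        t += WINDOW
    return ts


if __name__ == "__main__":
    counts = bucket_counts(synth_capture())
    for dip, burst in find_dip_then_burst(counts, baseline_rate(counts)):
        print(f"dip from t={dip:.0f}s, burst at t={burst:.0f}s")
```

On the constructed capture this reports one event: a dip starting at t=60s followed by a burst at t=80s, which is the 20-second lull before the 2000-packet windows in Wim's figures.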
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users