OK I have the source of the problem now I just need an elegant way to fix it and most cost ( Network TCP ) effective way to fix it
The Windows Domain is responsible for X.internal.example.com and I am presently forwarding X.internal.example.com to their nameservers DC, resulting in TCP queries. Which is dragging the cache server down when PC's query for records off of [NAME].internal.example.com. I don't mind not caching X.internal.example.com so can I create an NS record or an stub entry that points the PC's else where rather than forwarding them or caching them? Thank You, Brett On Tue, Oct 22, 2013 at 9:39 PM, Alan Clegg <a...@clegg.com> wrote: > > On Oct 22, 2013, at 8:29 PM, brett smith <brett.s9...@gmail.com> wrote: > >> Yes tuning off IPTABLES conn-tracking makes a huge difference. I also >> followed: >> >> https://access.redhat.com/site/solutions/304713 >> https://access.redhat.com/site/solutions/168483 >> >> I still see some SYN_SENT from Windows PC's on tcp port 53 on the DNS >> cache server. > > You've cured the symptoms, not the illness. > > You really, REALLY need to figure out why your clients are doing TCP. You'll > see a world of difference when you solve this part of the puzzle. > > AlanC > -- > Alan Clegg | +1-919-355-8851 | a...@clegg.com > > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users