Please tell us a bit more.

1. What version of LEAF is involved?

2. How many clients are involved? (Without that information, how can anyone answer the question you ask: "is it because there are too many clients in my internal network?") What is the volume of DNS lookup activity on the system?

3. When you "stop" dnscachex, how are the internal clients resolving off-LAN names?

4. Am I correct in reading the diagram you posted as saying that the internal subnets connect to eth1 on the RH host? Then they use the RH host as some sort of router (NAT'ing?) to reach the LEAF router?

5. Finally, am I correct in assuming that there is an actual problem with DNS, not just a lot of messages in the LEAF router's logs? If not, why not just ignore the log messages?

Luis' suggestion -- that you run dnscache on the LEAF router, not the RH host -- should work for the reason he says. But it assumes that the LEAF router has sufficient memory to store the cache (and enough CPU to do the work, though missing that is unlikely).

An alternative ... at least for some versions of LEAF ... is to change the MASQ timeouts so idle connections terminate more quickly. Getting this timing right is especially important for UDP, since UDP flows don't terminate explicitly, as TCP connections (often) do.

I suspect you would do better to understand what is causing the problem before you try to fix it. A DNS cache on-LAN should serve to reduce DNS traffic (since many responses will be cached) below what would occur if the various LAN clients were doing individual DNS queries to off-LAN nameservers.

For you to see a MASQ problem involving this setup, you would almost surely have to

A. Be doing a very high volume of Internet activity to different FQDNs (so the cache doesn't reduce query volume effectively).
B. Have comparatively long MASQ timeouts set, so connections do not expire promptly.
C. Possibly, have dnscachex set up improperly, so it does not cache as much as it should.


At 06:59 PM 2/16/2004 -0800, greg gede wrote:
Lately I'm having a problem with UDP masq entries in my
internet leaf-router, with a lot of messages like this:
IP_MASQ:ip_masq_new(proto=UDP): could not get free
masq entry (free=36864)

here's what my network looks like:
        -------------          -----------------------
        |leaf-router|          |RH9 squid & dnscachex|
to -----|eth0   eth1|---|HUB|--|eth0             eth1|
internet|           |          |                     |
        -------------          -----------------------
                                                    |
                                                    |
                                             |switch|
                                                | | |
                                     subnet A - | | |
                                     subnet B --- | |
                                     subnet C ------|


Every time I stop dnscachex, the messages also stop. Am I having DNS abuse from my internal network? Or is it because there are too many clients in my internal network? How do I deal with it?
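Added example, not code from either message in this thread nor from the LEAF or dnscache projects: a small Python model of the reasoning in points A to C of the reply. It shows how a local cache collapses repeated client lookups into fewer upstream queries, how a workload of mostly distinct names defeats that, and how the UDP masq idle timeout multiplies each upstream query into table occupancy. The workload, the 300 s TTL and the 300 s / 30 s timeouts are constructed for illustration and are not values taken from the posts or from LEAF defaults; it also assumes each upstream query uses a fresh source port, so each one creates a new masq entry.

```python
"""Added example: model of masq-table pressure from DNS traffic.

Not code from the thread or from the LEAF project.  It simulates the two
knobs the reply points at: a local cache (dnscache) that collapses repeated
client lookups into fewer upstream queries, and the masq UDP idle timeout,
which decides how long each upstream query occupies an entry.  All times are
integer milliseconds; workload, TTL and timeout values are constructed for
illustration and are not taken from the original posts.
"""
from collections import deque


def upstream_queries(client_queries, ttl_ms):
    """Return the start times of the queries a local cache sends upstream.

    client_queries: list of (time_ms, name) in time order, one per client
    lookup.  A lookup is a cache hit when the same name was fetched less
    than ttl_ms ago (one TTL for every name keeps the model simple); a miss
    fetches the name upstream and refreshes its expiry.
    """
    expires = {}
    upstream = []
    for t, name in client_queries:
        if expires.get(name, -1) > t:
            continue  # cache hit: nothing leaves the LAN
        expires[name] = t + ttl_ms
        upstream.append(t)
    return upstream


def peak_masq_entries(flow_starts, timeout_ms):
    """Peak number of UDP masq entries alive at once.

    Assumption: each upstream query uses a fresh source port, so every query
    creates its own entry, and the entry is reclaimed timeout_ms after its
    single query/response exchange (no later packets refresh it).
    flow_starts must be sorted ascending.
    """
    alive = deque()
    peak = 0
    for t in flow_starts:
        while alive and alive[0] + timeout_ms <= t:
            alive.popleft()  # idle timeout reached: entry freed
        alive.append(t)
        peak = max(peak, len(alive))
    return peak


def constructed_workload(n_queries, interval_ms, distinct_names):
    """Constructed sample input: one client lookup every interval_ms,
    cycling through distinct_names hostnames (hypothetical names)."""
    return [(i * interval_ms, "host%d.example" % (i % distinct_names))
            for i in range(n_queries)]


def masq_pressure(n_queries, interval_ms, distinct_names, ttl_ms, timeout_ms):
    """Return (upstream query count, peak masq entries) for one scenario."""
    upstream = upstream_queries(
        constructed_workload(n_queries, interval_ms, distinct_names), ttl_ms)
    return len(upstream), peak_masq_entries(upstream, timeout_ms)


if __name__ == "__main__":
    # 6000 lookups at 10/s (600 s of traffic); cache TTL 300 s.
    # 300 s vs 30 s stand in for a long vs a short UDP masq timeout
    # (illustrative values, not LEAF defaults).
    scenarios = [
        ("20 names repeat, cache effective, 300 s timeout", 20, 300_000),
        ("all names distinct, cache useless, 300 s timeout", 6000, 300_000),
        ("all names distinct, cache useless,  30 s timeout", 6000, 30_000),
    ]
    for label, names, timeout in scenarios:
        ups, peak = masq_pressure(6000, 100, names, 300_000, timeout)
        print("%-50s upstream=%5d peak_entries=%5d" % (label, ups, peak))
```

With the repeating workload the cache cuts 6000 client lookups to 40 upstream queries and the table never holds more than 20 entries; with all-distinct names every lookup goes upstream and the peak is simply the query rate times the UDP timeout (3000 entries at 300 s, 300 at 30 s). Whatever the capacity of the real table, that rate-times-timeout product is what fills it, which is why the reply asks both about query volume and about the MASQ timeouts before suggesting a fix.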

leaf-user mailing list: https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html