Re: Querying locally on a nameserver - odd behavior
On Wednesday, September 21, 2016 at 8:10:16 AM UTC-7, Graham Clinch wrote:
> >>> I have a DNS server (which is both forwarder and authoritative NS) and I
> >>> see this odd behavior locally on the host:
> >>>
> >>> dig @localhost # returns immediately with right response
> >>>
> >>> dig @ # returns sometimes, times out most
> >>> of the time
> > [...]
> > during this behavior, I saw lots of UDP packet loss on the host:
> >
> > netstat -s | egrep -A4 "Udp:"
> > ...
> > ..
> >
> > I tried similar local queries when traffic reduced (and when UDP pkt loss
> > was zero) and both local queries succeeded.
>
> Which version of Bind are you running? This sounds like an issue I've
> seen with prefetch in 9.10 before 9.10.4.
>
> https://kb.isc.org/article/AA-01315/0/prefetch-performance-in-BIND-9.10.html
>
> Graham

BIND 9.8.x. This behavior is seen when there is a flood of NXDOMAIN queries sent to our nameserver running BIND 9.8.x.

As a short-term fix, we have added our nameservers behind a netscalar VIP and provided additional capacity to hadoop applications. I hope I'll have some time soon to get to the bottom of this problem (or just upgrade to BIND 9.10.x ? :) )

thanks
Blr
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Querying locally on a nameserver - odd behavior
>>> I have a DNS server (which is both forwarder and authoritative NS) and I
>>> see this odd behavior locally on the host:
>>>
>>> dig @localhost # returns immediately with right response
>>>
>>> dig @ # returns sometimes, times out most
>>> of the time
> [...]
> during this behavior, I saw lots of UDP packet loss on the host:
>
> netstat -s | egrep -A4 "Udp:"
> ...
> ..
>
> I tried similar local queries when traffic reduced (and when UDP pkt loss
> was zero) and both local queries succeeded.

Which version of Bind are you running? This sounds like an issue I've seen with prefetch in 9.10 before 9.10.4.

https://kb.isc.org/article/AA-01315/0/prefetch-performance-in-BIND-9.10.html

Graham

Re: Querying locally on a nameserver - odd behavior
On Wednesday, September 21, 2016 at 1:04:50 AM UTC-7, Matus UHLAR - fantomas wrote:
> On 20.09.16 20:27, blrmaani wrote:
> >I have a DNS server (which is both forwarder and authoritative NS) and I see
> >this odd behavior locally on the host:
> >
> >dig @localhost # returns immediately with right response
> >
> >dig @ # returns sometimes, times out most of
> >the time
> >
> >I have allow-query {any;} in BIND config and the above is local on
> >the host (obtained via slaving). The listen-on is set to 'any' on port-53
> >
> >What am I missing? Why this odd behavior?
>
> a firewall probably?
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Warning: I do NOT wish to receive any advertising mail at this address.
> Atheism is a non-prophet organization.

I checked for firewall, didn't find any locally on the host (no tcpwrapper enabled). Also, during this behavior, I saw lots of UDP packet loss on the host:

netstat -s | egrep -A4 "Udp:"
...
..

I tried similar local queries when traffic reduced (and when UDP pkt loss was zero) and both local queries succeeded. Still struggling to identify the root cause.

PS: There were several NXDOMAIN queries (around 95%) sent to this DNS server during peak hours and NXDOMAIN reduced after business hours.

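
The message above checks the host's UDP counters with netstat -s while local queries time out. As an added example (not part of the thread or of BIND), this script compares two snapshots of the same kernel counters to quantify how many datagrams were dropped for lack of socket receive buffer space; it assumes the Linux /proc/net/snmp format, the function names are hypothetical, and the counter values are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical and the
# counter values below are constructed; format assumed: Linux /proc/net/snmp.

# Print one named Udp counter from a snapshot read on stdin.
# The first "Udp:" line names the columns, the second carries the values.
udp_counter() {
    awk -v want="$1" '
        $1 == "Udp:" && !seen { for (i = 2; i <= NF; i++) col[$i] = i; seen = 1; next }
        $1 == "Udp:"          { if (want in col) print $(col[want]); exit }
    '
}

# Print "<delivered> <rcvbuf_drops> <drop_percent>" for the interval between
# two snapshots. RcvbufErrors counts datagrams discarded because the receiving
# socket's buffer was full, which happens when the daemon cannot read requests
# as fast as they arrive.
udp_drop_report() {
    d0=$(printf '%s\n' "$1" | udp_counter InDatagrams)
    d1=$(printf '%s\n' "$2" | udp_counter InDatagrams)
    e0=$(printf '%s\n' "$1" | udp_counter RcvbufErrors)
    e1=$(printf '%s\n' "$2" | udp_counter RcvbufErrors)
    # Missing counters are treated as 0 so the arithmetic never fails.
    awk -v d="$(( ${d1:-0} - ${d0:-0} ))" -v e="$(( ${e1:-0} - ${e0:-0} ))" 'BEGIN {
        total = d + e
        printf "%d %d %.1f\n", d, e, (total > 0 ? 100 * e / total : 0)
    }'
}

# Constructed snapshots taken some seconds apart during a query flood.
BEFORE='Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
Udp: 1000000 120 500 990000 500 0'
AFTER='Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
Udp: 1060000 125 40500 1049000 40500 0'

udp_drop_report "$BEFORE" "$AFTER"   # prints: 60000 40000 40.0

# Live use on the nameserver:
#   a=$(cat /proc/net/snmp); sleep 10; b=$(cat /proc/net/snmp)
#   udp_drop_report "$a" "$b"
```

A non-zero drop percentage during the flood and zero when traffic is low would match the pattern described in the message above.
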
Re: Querying locally on a nameserver - odd behavior
On 20.09.16 20:27, blrmaani wrote:
>I have a DNS server (which is both forwarder and authoritative NS) and I see
>this odd behavior locally on the host:
>
>dig @localhost # returns immediately with right response
>
>dig @ # returns sometimes, times out most of
>the time
>
>I have allow-query {any;} in BIND config and the above is local on
>the host (obtained via slaving). The listen-on is set to 'any' on port-53
>
>What am I missing? Why this odd behavior?

a firewall probably?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
Atheism is a non-prophet organization.