Re: Querying locally on a nameserver - odd behavior

2016-10-02 Thread blrmaani
On Wednesday, September 21, 2016 at 8:10:16 AM UTC-7, Graham Clinch wrote:
> >>> I have a DNS server (which is both forwarder and authoritative NS) and I 
> >>> see this odd behavior locally on the host:
> >>>
> >>> dig @localhost   # returns immediately with right response
> >>>
> >>> dig @ # returns sometimes, times out most of the time
>  > [...]
> > during this behavior, I saw lots of UDP packet loss on the host:
> >
> > netstat -s | egrep -A4 "Udp:"
> > ...
> > ..
> >
> >
> > I tried similar local queries when traffic reduced (and when UDP pkt loss 
> > was zero) and both local queries succeeded.
> 
> Which version of Bind are you running?  This sounds like an issue I've 
> seen with prefetch in 9.10 before 9.10.4.
> 
> https://kb.isc.org/article/AA-01315/0/prefetch-performance-in-BIND-9.10.html
> 
> Graham

BIND 9.8.x. This behavior is seen when there is a flood of NXDOMAIN queries sent 
to our nameserver running BIND 9.8.x

As a short-term fix, we have added our nameservers behind a NetScaler VIP and 
provided additional capacity to Hadoop applications. I hope I'll have some time 
soon to get to the bottom of this problem (or just upgrade to BIND 9.10.x? :) )

thanks
Blr
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
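
The UDP loss check used in this thread (netstat -s | egrep -A4 "Udp:") reads cumulative counters, so loss during a query flood only shows up as a difference between two readings. The script below is an added example, not part of any poster's message: it assumes a Linux host, where the same counters appear in /proc/net/snmp, and the function names and sample counter values are constructed for illustration.

```shell
#!/bin/sh
# Added example: diff two snapshots of /proc/net/snmp (Linux) and report how
# many UDP datagrams the kernel failed to deliver in between.

# Read a /proc/net/snmp snapshot on stdin, print "Name=value" for each Udp:
# counter. The file has a header line ("Udp: InDatagrams ...") followed by a
# value line; pairing by position copes with kernels that add columns.
udp_counters() {
    awk '$1 == "Udp:" {
             if (!seen) { for (i = 2; i <= NF; i++) name[i] = $i; seen = 1 }
             else       { for (i = 2; i <= NF; i++) print name[i] "=" $i }
         }'
}

# udp_drop_delta BEFORE_FILE AFTER_FILE
# InErrors counts datagrams that were not delivered; RcvbufErrors is the part
# of those dropped because a socket receive buffer was full.
udp_drop_delta() {
    { udp_counters < "$1" | sed 's/^/a /'; udp_counters < "$2" | sed 's/^/b /'; } |
    awk '{ split($2, kv, "="); v[$1, kv[1]] = kv[2] }
         END {
             rx  = v["b", "InDatagrams"]  - v["a", "InDatagrams"]
             err = v["b", "InErrors"]     - v["a", "InErrors"]
             buf = v["b", "RcvbufErrors"] - v["a", "RcvbufErrors"]
             tot = rx + err
             pct = (tot > 0) ? 100 * err / tot : 0
             printf "received=%d in_errors=%d rcvbuf_errors=%d drop_pct=%.1f\n",
                    rx, err, buf, pct
         }'
}

# Constructed sample snapshots (not values from the thread).
sample_before() { cat <<'EOF'
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
Udp: 1000000 12 500 990000 480 0
EOF
}
sample_after() { cat <<'EOF'
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
Udp: 1060000 12 40500 1049000 40480 0
EOF
}

demo() {
    d=$(mktemp -d) || return 1
    sample_before > "$d/before"; sample_after > "$d/after"
    udp_drop_delta "$d/before" "$d/after"
    rm -rf "$d"
}
demo
```

On a live server, save /proc/net/snmp to a file, wait through a period in which dig times out, save it again, and pass the two files to udp_drop_delta; a rising rcvbuf_errors delta means datagrams are being dropped at the socket receive buffer before named reads them.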


Re: Querying locally on a nameserver - odd behavior

2016-09-21 Thread Graham Clinch

>>> I have a DNS server (which is both forwarder and authoritative NS) and I see 
>>> this odd behavior locally on the host:
>>>
>>> dig @localhost   # returns immediately with right response
>>>
>>> dig @ # returns sometimes, times out most of the time
>
> [...]
>
> during this behavior, I saw lots of UDP packet loss on the host:
>
> netstat -s | egrep -A4 "Udp:"
> ...
> ..
>
> I tried similar local queries when traffic reduced (and when UDP pkt loss was 
> zero) and both local queries succeeded.


Which version of Bind are you running?  This sounds like an issue I've 
seen with prefetch in 9.10 before 9.10.4.


https://kb.isc.org/article/AA-01315/0/prefetch-performance-in-BIND-9.10.html

Graham


Re: Querying locally on a nameserver - odd behavior

2016-09-21 Thread blrmaani
On Wednesday, September 21, 2016 at 1:04:50 AM UTC-7, Matus UHLAR - fantomas 
wrote:
> On 20.09.16 20:27, blrmaani wrote:
> >I have a DNS server (which is both forwarder and authoritative NS) and I see 
> >this odd behavior locally on the host:
> >
> >dig @localhost   # returns immediately with right response
> >
> >dig @ # returns sometimes, times out most of the time
> >
> >
> >I have allow-query {any;} in BIND config and the  above is local on 
> >the host (obtained via slaving). The listen-on is set to 'any' on port-53
> >
> >What am I missing? Why this odd behavior?
> 
> a firewall probably?
> 
> -- 
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Warning: I do NOT wish to receive any advertising mail at this address.
> Atheism is a non-prophet organization.

I checked for firewall, didn't find any locally on the host (no tcpwrapper 
enabled). Also, during this behavior, I saw lots of UDP packet loss on the host:

netstat -s | egrep -A4 "Udp:"
...
..


I tried similar local queries when traffic reduced (and when UDP pkt loss was 
zero) and both local queries succeeded.

Still struggling to identify the root cause.

PS: There were several NXDOMAIN queries (around 95%) sent to this DNS server 
during peak hours and NXDOMAIN reduced after business hours.



Re: Querying locally on a nameserver - odd behavior

2016-09-21 Thread Matus UHLAR - fantomas

On 20.09.16 20:27, blrmaani wrote:
> I have a DNS server (which is both forwarder and authoritative NS) and I see 
> this odd behavior locally on the host:
>
> dig @localhost   # returns immediately with right response
>
> dig @ # returns sometimes, times out most of the time
>
> I have allow-query {any;} in BIND config and the  above is local on the 
> host (obtained via slaving). The listen-on is set to 'any' on port-53
>
> What am I missing? Why this odd behavior?


a firewall probably?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
Atheism is a non-prophet organization. 