Bind traffic to root servers - too much?
Mark.Andrews at nominum.com
Tue May 8 23:01:40 UTC 2001
> I have a pair of Bind 8.2.3 servers which are auth for my domains. That is
> all they do - answer external queries for my hosts. Our internal clients use
> our ISP's DNS Servers. Security is set so that the secondary is the only
> host that can transfer from the primary (I believe it is a pull, not a push
> scenario). Everything works fine - people looking for our external systems
> find them just fine (web site, ftp and email server)
>
> I brought up tcpdump however and see loads of traffic being generated by my
> Bind servers querying the Root servers as follows (IPs changed to protect
> the innocent):
>
> 11:14:50.418712 111.222.33.44.27652 > m.root-servers.net.domain: 52755 NS? . (17)
> 11:14:52.825980 111.222.33.55.38798 > i.root-servers.net.domain: 20116 NS? . (17)
> 11:14:56.827148 111.222.33.55.38798 > c.root-servers.net.domain: 20116 NS? . (17)
> 11:14:58.420256 111.222.33.44.27652 > h.root-servers.net.domain: 52755 NS? . (17)
>
> My DNS Servers are in a DMZ and I'm unsure if they keep querying because
> they can't get through the firewall (tcp 53 is open for inside and dmz to
> query out) or if the DNS servers are misconfigured.
>
> Any ideas?
> Thanks
> Steve
>
>
>
The servers are trying to prime themselves, i.e. find the current
set of root servers. Even authoritative servers need to know the
current set of root servers.
Mark
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at nominum.com
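
An added example, not part of the original thread: a small Python check over tcpdump output like the lines quoted above, which groups root `NS? .` priming queries by client and query ID and reports those that were retried against another root server without a reply being captured. The function name, the sample text and the reading of a repeated query ID as a retransmission are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed input: the four tcpdump lines quoted in the post, each re-joined
# with its wrapped "(17)" length field.
SAMPLE = """\
11:14:50.418712 111.222.33.44.27652 > m.root-servers.net.domain: 52755 NS? . (17)
11:14:52.825980 111.222.33.55.38798 > i.root-servers.net.domain: 20116 NS? . (17)
11:14:56.827148 111.222.33.55.38798 > c.root-servers.net.domain: 20116 NS? . (17)
11:14:58.420256 111.222.33.44.27652 > h.root-servers.net.domain: 52755 NS? . (17)
"""

ROOT = r"[a-m]\.root-servers\.net\.domain"
HOST = r"\d+\.\d+\.\d+\.\d+\.\d+"  # ip.port, as tcpdump prints it
QUERY = re.compile(rf"^(\d+):(\d+):(\d+\.\d+) ({HOST}) > ({ROOT}): (\d+)\+? NS\? \. ")
REPLY = re.compile(rf"^\S+ ({ROOT}) > ({HOST}): (\d+)")

def unanswered_priming(text):
    """Hypothetical helper: return priming queries that were retried against
    more than one root server and for which no reply line was captured."""
    sent = defaultdict(list)  # (client ip.port, query id) -> [(seconds, root letter)]
    answered = set()          # (client ip.port, query id) pairs that got a reply
    for line in text.splitlines():
        q = QUERY.match(line)
        if q:
            h, m, s, client, root, qid = q.groups()
            when = int(h) * 3600 + int(m) * 60 + float(s)
            sent[(client, int(qid))].append((when, root[0]))
            continue
        r = REPLY.match(line)
        if r:
            answered.add((r.group(2), int(r.group(3))))
    report = {}
    for key, tries in sent.items():
        if key not in answered and len(tries) > 1:
            times = [t for t, _ in tries]
            report[key] = {"roots": [r for _, r in tries],
                           "retry_after": round(max(times) - min(times), 3)}
    return report

if __name__ == "__main__":
    for (client, qid), info in unanswered_priming(SAMPLE).items():
        print(client, qid, info)
```

An empty result on a longer capture means every priming query seen either got a reply or was not retried.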