pinging problem with DNS server
Pete Ehlke
pde at ehlke.net
Sun May 19 03:37:41 UTC 2002
On Sat, May 18, 2002 at 09:29:25PM -0400, Danny Mayer wrote:
>
> At 08:36 AM 5/18/02, Pete Ehlke wrote:
> >On Wed, May 15, 2002 at 10:46:57PM -0400, Danny Mayer wrote:
> > >
> > > DNS servers don't use ping (ICMP). What are you really seeing? Why don't
> > > you post some logs to demonstrate what you are really concerned about?
> > >
> >Not so fast, Danny ;)
> >
> >AIX 4.3.3 servers will do exactly that. They're attempting to perform
> >PMTUD using ICMP, and they do it with every host they talk to. It was an
> >ugly practice, and IBM dropped it pretty quickly.
>
> Gag! That's not a BIND DNS server then! I can imagine the overhead involved
> in doing this, particularly if the server is busy. Of course, the
> resolvers are far
> more likely to timeout the request in a situation like this and go to the next
> available DNS server.
>
> Uninstall whatever is running on that machine and install BIND.
>
The original poster is running BIND (albeit a very old BIND), but the
name server software is not what is responsible for the ICMP packets
that he is seeing. The operating system itself is: AIX 4.3.3 shipped
with active path mtu discovery enabled by default, and it performs that
discovery by sending an ICMP packet of the size of the interface's
default MTU, with the don't frag bit set, and listening for complaints.
If something along the route yells back about the don't frag packet, it
decrements the size and tries again. And it does this for every host it
communicates with. If your AIX machine is busy enough, you end up with
thousands of host routes, each with its own MTU.
While PMTUD is a nifty thing to have around, this... erm... feature...
of AIX 4.3.3 is a tad annoying, and the overhead it introduces can be
hell on really busy http/dns/smtp/whatever servers.
There's been plenty of discussion of this in comp.unix.aix over the
years; a quick search on udp_pmtu_discover or tcp_pmtu_discover in that
group should tell you all you ever wanted to know about why they call it
Aches ;)
-P, happily recovered from AIX administration.
More information about the bind-users
mailing list