Weird performance issue.
Tom Greaser
tgreaser at hsc.wvu.edu
Thu Aug 21 11:29:01 UTC 2008
If so.
What do the upstream NS servers say your NS servers are for your domain?
When you do a dig, what does the output show?
Or
Are you just trying to point your local users to use the newer 9.5.0.dfsg.P1-2 package box?
>>> Cedric Lejeune <cedric.lejeune at arcelormittal.com> 08/21/08 5:21 AM >>>
Unfortunately, MAC addresses are not 'hardcoded' in our firewall, at least
not those regarding DNS servers. One thing I have forgotten in my
previous post is that our mail router _is_ currently running pretty fine
using the new server. But as soon as we switch IP address, everything
goes wrong =/
Thanks for your help.
Kind regards,
cedric.
Fr34k wrote:
> Is your firewall set to arp for different MAC addresses?
> If so, was that updated to reflect the changes you are trying to make?
> I did Checkpoint in a former life, and I can remember defining static arp entries for some of the NAT setup we had.
> This is all I can think of or remember.
> HTH
>
>
>
> ----- Original Message ----
> From: Cedric Lejeune <cedric.lejeune at arcelormittal.com>
> To: bind-users at isc.org
> Sent: Wednesday, August 20, 2008 10:08:40 AM
> Subject: Weird performance issue.
>
> Hello list,
> We are currently running two instances of bind9, each one on a different
> host. Both hosts have their own IP address and basic tests work perfectly:
> - ping of external server(s) works fine (FQDN and IP address)
> - host resolution works fine
> - named processes number is quite low (~16)
>
> The problem occurs when we try to move IP address from master server to
> slave server:
> - ping of external server(s) fails (FQDN and IP address)
> - host resolution takes a huge time to complete or does not complete at all
> (timeout)
> - processes number increases significantly (~1000, which seems to
> correspond to recursive-clients default value)
>
> We have taken care of everything we can think of:
> - bind9 configuration
> - network configuration
> - arp resolution
> - firewall configuration (although being a CheckPoint firewall, Smart
> Defense does not seem to cause any issue since only logging is
> activated, cf
> http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/cfa8c63ec6bd08d6
> . Firewall log does not show anything weird either.)
>
> Logs do not show anything relevant to me, except the well known "too many
> timeouts resolving 'ns2.highergroundtech.com/AAAA' (in
> 'highergroundtech.com'?): disabling EDNS" message.
>
> We are currently running BIND9 on Linux Debian:
> - the one running perfectly is a quite outdated 9.2.1-2.woody.1 package
> - the one causing problem is a quite up to date 1:9.5.0.dfsg.P1-2 package
>
> Configuration files have only been updated to reflect releases changes.
>
> Do you have any hint or advice so I can at least look at where the issue
> comes from and then try to solve it?
>
> Thanks for your help,
>
> Kind regards,
>
> cedric.
>