bind-users Digest, Vol 1361, Issue 2
Ed LaFrance
edl at connexinternet.com
Sun Nov 11 22:17:06 UTC 2012
Did not get your post for some reason. I am running IP tables with a
simple firewall setup. No idea on ip_conntrack. How do I check and if
so, what setting should I try and how do I do it?
Thanks!
Ed
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 11 Nov 2012 12:41:53 +0000 (GMT)
> From: "G.W. Haywood"<bind at jubileegroup.co.uk>
> To:bind-users at lists.isc.org
> Subject: Re: Need to improve named performance
> Message-ID:
> <Pine.LNX.4.64.1211111236160.19338 at mail5.jubileegroup.co.uk>
> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
>
> Hi there,
>
> On Sun, 11 Nov 2012, Ed LaFrance wrote:
>
>> > Running BIND 9.3.6-P1-RedHat-9.3.6-16.P1.el5 ...
> Somebody already said upgrade. Generally that's the first thing to do
> in a case like this (before asking on mailing lists:).
>
>> > The issue is that named is not keeping up with rdns requests. The
>> > nameserver is only doing rdns, and it's the only public process on the
>> > server (no webhosting, monitoring, etc).
>> >
>> > When I check the router above this server I'll see 200 - 500 legitimate
>> > connections to this server at any given time. ...
> I'm not convinced that BIND is the problem. What does 'top' tell you?
>
> Are you running netfilter/iptables on the box? Might be ip_conntrack.
> I once had an issue with a lot of dropped TCP connections, each of
> which was hanging around for five days (the default). They filled the
> connection tracking table. The default is too long, ridiculously so.
> After I reduced it to something more reasonable the problem went away.
>
> --
>
> 73,
> Ged.
>
--
(800) 362-7579 ext 1
+-------------------------------------------------------+
+ Colocation Dedicated Servers IPv4 & IPv6 Transit +
+-------------------------------------------------------+
Connex Internet Services, Inc. direct: (916) 265-1568
11230 Gold Express Dr #310-313 fax: (916) 880-5663
Gold River, CA 95670 http://connexinternet.com
+-------------------------------------------------------+
More information about the bind-users
mailing list