High recursive client counts

Jason Brandt jbrandt at fsmail.bradley.edu
Tue Mar 25 19:02:00 UTC 2014


Mark,
  That's a very good question, and something we had thought of as a
possibility as well.  I hadn't seen any good information in relation to
entropy, so I'll check into your link.  We had noticed that on other things
as well, due to the virtual environment, but nothing that caused
performance issues.

I'm not sure how BIND uses randoms, but I know it is a requirement.
Perhaps someone else knows?  From what I saw it seemed to be used
primarily for signing zones.

For now, I've disabled DNS inspection on our firewall, as it is an ancient
Cisco firewall services module, and that seems to have stabilized things,
but it's only been 30 minutes or so.  Until I get a few days in, I'll keep
researching.

Again, thanks all.  Your input and help are greatly appreciated.


On Tue, Mar 25, 2014 at 1:31 PM, Mark Elkins <mje at posix.co.za> wrote:

> This might be a dumb answer but as the machine is part of a virtual
> server, perhaps you have simply run out of entropy? I know it's a
> Resolver... but isn't perhaps BIND using Entropy to randomly talk on
> different ports to get answers?
>
> What about installing the 'haveged' package,
> www.irisa.fr/caps/projects/hipsor
>
> I don't see this doing any harm.
>
> I've personally found that not doing this on Virtual machines just makes
> them 'choke up'.
>
> --
>   .  .     ___. .__      Posix Systems - (South) Africa
>  /| /|       / /__       mje at posix.co.za  -  Mark J Elkins, Cisco CCIE
> / |/ |ARK \_/ /__ LKINS  Tel: +27 12 807 0590  Cell: +27 82 601 0496
>
>


-- 
Jason K. Brandt
Systems Administrator