DNS server generates an enormous amount of traffic

[Mark_Andrews at isc.org]

> Hi
> 
> I've got a machine that is primary DNS for two domains.
> 
> It's generating so much traffic as to cause 2 - 3 second pings on a 64k
> (like a USA 56k) leased line.
> 
> How can I start debugging this?
> 
> I'm starting now, but please if anyone has any ideas I need help urgently -
> I've get too many things to do tonight as it is!
> 
	This sounds like you have been listed as a nameserver for a zone
	you are not serving.  BIND 8.2 introduced a bug (fixed in 8.2.1)
	that could cause a DNS storm between servers if all the servers
	for the zone are lame.

	Turn debugging on at level 1 and look at the nlookup() calls in
	the log.  You will find that there are a lot related to one zone
	coming from off site that relate to one zone.  Create a minimal
	zone file (SOA + NS records) for that zone and add it as a master
	to your configuration.  This will at least stop the storm.

	Next upgrade to 8.2.1.  Then get the serving of the zone involved
	sorted out.

	Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org