BIND 8.2: 99% server load when lame delegation occurs (reprised)

John N Dvorak dvorak at capu.net
Sat Jun 5 20:12:35 UTC 1999 

On Fri, 4 Jun 1999, Barry Margolin wrote:

>I just did:
>
>dig gruppo.com a @ns.capu.net +norecurse
>
>and it didn't seem to cause a loop, it just returned the NS records in the
>Authority section.

This does seem to cause the loop.  And, using nslookup (evil thing that it
is) remotely or locally (on one of the nameservers) also causes it.

>Do you have customers who use these servers as caching servers?  If so,
>they'll send recursive queries to these servers, which might be starting
>this loop.  This is one of the reasons why it's good for an ISP to use
>different machines for caching and authoritative.  You can then turn off
>recursion on the authoritative servers.

I'm causing the loop with standard lookups using dig and nslookup. Whether
customer queries also cause the problem is not known.  I doubt my
customers would be doing lookups on these domains.  It is more likely that
foreign machines are making the inquiries after consulting InterNIC.

Here's my primary concern: I can replicate this problem and others have
seen it as well.  It did not occur on 4.9.3, 4.9.5, 4.9.7, 8.1.2 or any
other version of BIND which I have run during the past 4 years.  I seem to
remember having problems such as this prior to 4.9.3, but it seemed to be
fixed with later versions of BIND.

A quick fix, as others have suggested, would be to create an empty zone
record for each lame domain.  However, with thousands of domains to
manage, this is not a practical solution.  Contacting the owners of the
domains and attempting to delete them is also not practical.

Before I drop back to 8.1.2, I would like to determine if this is, in
fact, a bug in 8.2 or if there is some subtle change in configuring 8.2
that I (and others who have experienced this problem) have missed.

I should point out that I am running 8.2 on BSDI 2.1, 3.1 and 4.0.1.

I will make my machines available for ISC in case anyone is interested in
bug hunting. :)

JD

===========================================
John N Dvorak | dvorak at capu.net
Director, Technology and Development
CapuNet, LLC - Corporate Internet Solutions
(301) 881-4900 x8018
===========================================

More information about the bind-users mailing list