named is causing severe traffic

[Kevin Darcy]

1. If you're using private addressing and DNS, you really need to set up
your server as master for the relevant in-addr.arpa zone(s)
(168.192.in-addr.arpa, in your case) so that you don't pollute the
Internet DNS with those queries.
2. Find out what on your network is generating a reverse lookup for
192.168.100.1 "every minute or so" and shut it up.
3. Your forwarder appears to be not giving you good answers to ./NS and
1.100.168.192.in-addr.arpa/PTR queries. If you were getting a good
answer to either of those (even a negative "doesn't exist" answer would
be considered a "good" one), you'd cache it and wouldn't have to keep
re-asking the same question over and over again. Do some investigation
with "dig" or whatever to see how the forwarder responds to such
queries. If necessary, talk to the admin(s) of the forwarder.


- Kevin

Piet Pelz wrote:

> Desperate as I am I am reffering to the list to find a solution
> for my problem.
>
> Situation:
>
> Box gw runs Linux firewall, masqerading and sqid over ippp ISDN
> line with dynamic IP and dial on demand.
>
> Box mx runs Linux mailserver and DNS (bind8.2 patchlevel 5) as
> cahing only. Whenever I start named severe traffic is caused.
> Listening to eth0 (connects the two boxes and the rest of the
> net) by tcpdump shows that a connection is being made to the
> forwarders (forward only) in the form
>
> internal.domain.1088 > ns.out.there.domain: 4857+ NS? . (17)
> internal.domain.1089 > ns.out.there.domain: 18630+ PTR? \
> 1.100.168.192.in-addr.arpa. (44)
>
> every minute or so.
>
> That keeps the line open on the dial on demand box although
> nothing really happens on the mx box.
>
> And, there are a lot of arp requests for the gateway, again every
> minute or so.
>
> Any ideas? What could I possibly have done wrong?
>
> I read the DNS HowTo and named man page but I am still desperate.
>
> ______________________________________________
> FREE Personalized Email at Mail.com
> Sign up at http://www.mail.com/?sr=signup