Information On Port UDP/53 (Newbie)
Kevin Darcy
kcd at daimlerchrysler.com
Tue Nov 21 00:00:40 UTC 2000
Roughly 10,000 packets sent and received in the course of only 10 seconds? I
wouldn't call that "normal". 1,000 queries per second is getting into root
server territoryThe first thing I'd do is turn on query logging. You probably
already know from your packet-logging tool *where* the queries are coming
from, but query logging will tell you *what* is being queried. If the same
names are being queried over and over again at this rate, it's probably some
process(es) on the client(s) that have gone haywire. Occasionally I see this
kind of behavior here (although not to that extent). If I don't happen to know
who owns the client in question, I usually just blackhole the client address
as a protective measure. I can't afford to let one misconfigured/misbehaving
client threaten the reliability and/or performance of all other clients that
the nameserver supports.
- Kevin
Christopher Tarricone wrote:
> I am running some packet loggers (perro) on one of my servers and there
> seems to be an incredible about of traffic on UDP/53. My question is this
> normal? This is not exactly what one would call a busy server.
>
> 13:37:38 11/16/00 63.89.28.4 tar-valon.pds2k.com 53 domain
>
> Thousands of these (Span of 10 seconds)
> Udp:
> 7265294 packets received
> 1356 packets to unknown port received.
> 0 packet receive errors
> 7276197 packets sent
> Udp:
> 7275536 packets received
> 1356 packets to unknown port received.
> 0 packet receive errors
> 7286440 packets sent
>
> If there is something wrong where would I start? I am running BIND 8.2.2-P7
> on RH Linux 6.1
More information about the bind-users
mailing list