Follow-up: request storms from Windows
Ian Watts
ian at Radix.Net
Sat Nov 17 14:41:50 UTC 2001
On Sat, 17 Nov 2001, Simon Waters wrote:
> > > > Okay, it turns out that this problem arises when the AD servers do a
> > > > lookup for an IP address where the ARPA zone has a CNAME for an NS
> > > > record.
> > >
> > > well that's the problem; an NS record can't point to a CNAME.
> >
> > Of course. But it shouldn't cause the server to dive into a lookup loop,
> > generating the same query over and over again as fast as it can.
> >
> > Is that not a bug?
>
> It sounds like one, Microsoft DNS related code is notoriously
> bad at coping with errors, it usually works okay when everything
> else is perfect...
>
> Can you reproduce it locally?
I did, but since I don't have access to the Microblat servers, I had to
send them a query for a known bad zone and watch the query log on my
servers, which they use for resolving all internet names.
Turning off glue fetching ("Secure against cache pollution" on Win2k), so
far *seems* to have fixed the problem. That was not enabled by default.
-- Ian
More information about the bind-users
mailing list