BIND keeps my connection alive

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Wed Sep 25 18:01:33 UTC 2002


Lejf Diecks <bastard_operator at gmx.li> wrote:

> Hi,

> I'm connected to the Internet via ADSL (Dial-On-Demand). The System runs
> RedHat 7.3 (Kernel 2.4.18-3) and acts as a router/DNS-Server (BIND 9.2.1).

> Once a connection is established, the router stays online. Using "tcpdump"
> shows the reason: my DNS-server generates permanently traffic and keeps the
> connection alive. The dump shows my providers DNS-Server and a lot of other
> addresses, too.

> This looks to me like an update between my DNS-Server and other machines
> (???). How do I stop this behavior? (The config files I've changed are
> below).

You cannot totally stop it. However, some measures can be taken:

- stop forwarding (there is no point in running a nameserver if
  you forward everything)
- stop asking for things; running tcpdump without "-n" will continuously
  ask DNS about names
- twiddle the options: "dialup dialup_option;", quoting from
  the ARM book:

dialup

    If yes, then the server treats all zones as if they are doing zone transfers across a dial on demand dialup
    link, which can be brought up by traffic originating from this server. This has different effects according to
    zone type and concentrates the zone maintenance so that it all happens in a short interval, once every
    heartbeat-interval and hopefully during the one call. It also suppresses some of the normal zone
    maintenance traffic. The default is no.

    The dialup option may also be specified in the view and zone statements, in which case it overrides the
    global dialup option.

    If the zone is a master zone then the server will send out a NOTIFY request to all the slaves. This will
    trigger the zone serial number check in the slave (providing it supports NOTIFY) allowing the slave to
    verify the zone while the connection is active.

    If the zone is a slave or stub zone, then the server will suppress the regular "zone up to date" (refresh)
    queries and only perform them when the heartbeat-interval expires in addition to sending NOTIFY
    requests.

    Finer control can be achieved by using notify which only sends NOTIFY messages,
    notify-passive which sends NOTIFY messages and suppresses the normal refresh queries,
    refresh which suppresses normal refresh processing and send refresh queries when the
    heartbeat-interval expires and passive which just disables normal refresh processing.



> Regards,
> Lejf

> ----- config files for BIND 9.2.1 on RedHat Linux 7.3 ------

> //////////////////// named.conf ///////////////////////////
> // generated by named-bootconf.pl
>
> options {
>     // the config files live here!
>     directory "/var/named";
>     /*
>      * If there is a firewall between you and nameservers you want
>      * to talk to, you might need to uncomment the query-source
>      * directive below. Previous versions of BIND always asked
>      * questions using port 53, but BIND 8.1 uses an unprivileged
>      * port by default.
>      */
>     // query-source address * port 53;
>     //
>     // a caching only nameserver config
>     //
>     forwarders {
>         194.25.2.129;
>         194.25.2.130;
>         194.25.2.131;
>         194.25.2.132;
>         194.25.2.133;
>         194.25.2.134;
>     };
> };
>
> controls {
>     inet 127.0.0.1 allow { localhost; } keys { rndckey; };
> };
>
> zone "." IN {
>     type hint;
>     file "named.ca";
> };
>
> zone "localhost" IN {
>     type master;
>     file "localhost.zone";
>     allow-update { none; };
> };
>
> zone "0.0.127.in-addr.arpa" IN {
>     type master;
>     file "named.local";
>     allow-update { none; };
> };
>
> // DNS for our internal domain "hardebek.dom"
> zone "hardebek.dom" IN {
>     type master;
>     file "hardebek.dom";
>     allow-update { none; };
> };
>
> // reverse DNS for our internal domain "hardebek.dom"
> zone "1.100.10.in-addr.arpa" IN {
>     type master;
>     file "10.100.1.1";
>     allow-update { none; };
> };
>
> include "/etc/rndc.key";
>
> //////////////////// resolv.conf ///////////////////////////
> search hardebek.dom
> #nameserver 194.25.2.129
> nameserver 127.0.0.1
>
> //////////////////// hardebek.dom ///////////////////////////
> $TTL 2D
> hardebek.dom.   IN SOA  @ root.localhost. (
>                         2001013334 ; serial
>                         1D         ; refresh
>                         2H         ; retry
>                         1W         ; expiry
>                         2D )       ; minimum
>                 IN NS   @
>                 IN A    10.100.1.1
>
> server.hardebek.dom.    IN A 10.100.1.1
> pc2s1.hardebek.dom.     IN A 10.100.1.2
> pc3s1.hardebek.dom.     IN A 10.100.1.3
> pc4s1.hardebek.dom.     IN A 10.100.1.4
> .
> .
> pc254s1.hardebek.dom.   IN A 10.100.1.254
>
> //////////////////// 10.100.1.1 ///////////////////////////
> $TTL 2D
> @       IN SOA  server.hardebek.dom. root.localhost. (
>                 2001013335 ; serial
>                 1D         ; refresh
>                 2H         ; retry
>                 1W         ; expiry
>                 2D )       ; minimum
>         NS      server.hardebek.dom.
>
> 1       PTR     server.hardebek.dom.
> 2       PTR     pc2s1.hardebek.dom.
> 3       PTR     pc3s1.hardebek.dom.
> .
> .
> 254     PTR     pc254s1.hardebek.dom.

-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.
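The reply's first diagnostic step is to look at what actually leaves the box on port 53: whether named is relaying through the provider's forwarders, resolving iteratively on its own, or whether the capture tool itself is feeding the link with reverse lookups (tcpdump without "-n"). The script below is an added example, not code from the thread or from BIND: it parses the text output of `tcpdump -n port 53`, classifies each query by destination and by the RD ("+") flag, and flags PTR lookups of addresses that appear elsewhere in the same capture, which is the signature of a capture tool resolving names while it captures. The forwarder addresses are the ones from the named.conf quoted above; the sample capture is constructed, and the function and variable names are this example's own.

```python
"""Summarise the DNS queries that leave a dial-on-demand router.

Added example for this bind-users thread (not code from the thread or from
BIND). Assumes the text output of `tcpdump -n port 53`; the forwarder
addresses come from the named.conf quoted in the thread, and the capture
below is constructed rather than a real trace.
"""
import re
from collections import Counter

# Forwarders as configured in the quoted named.conf.
FORWARDERS = frozenset("194.25.2.%d" % i for i in range(129, 135))

# One DNS query line as printed by tcpdump (3.x prints the addresses
# directly, 4.x prefixes them with "IP"; both forms are accepted).
# A "+" after the query id means the RD (recursion desired) bit is set.
QUERY_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?:IP\s+)?"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d+):\s+"
    r"(?P<id>\d+)(?P<flags>[+%$|]*)\s+(?:\[[^\]]*\]\s+)?"
    r"(?P<qtype>[A-Z0-9]+)\?\s+(?P<qname>\S+)"
)

# Constructed sample capture: forwarder lookups, one iterative query to a
# root server (written in the 4.x "IP" style), one response line, and two
# PTR lookups of the kind tcpdump itself generates when run without -n.
SAMPLE_CAPTURE = """\
18:01:33.000001 10.100.1.1.32768 > 194.25.2.129.53: 4711+ A? www.example.com. (33)
18:01:33.000002 194.25.2.129.53 > 10.100.1.1.32768: 4711 1/0/0 A 192.0.2.10 (49)
18:01:34.000003 10.100.1.1.32769 > 194.25.2.130.53: 4712+ PTR? 129.2.25.194.in-addr.arpa. (43)
18:01:35.000004 IP 10.100.1.1.32770 > 198.41.0.4.53: 4713 A? example.com. (29)
18:01:36.000005 10.100.1.1.32771 > 194.25.2.129.53: 4714+ A? ftp.example.org. (33)
18:01:37.000006 10.100.1.1.32772 > 194.25.2.131.53: 4715+ PTR? 4.0.41.198.in-addr.arpa. (41)
"""


def parse_queries(capture):
    """Return one dict per query line; responses and non-DNS lines are skipped."""
    queries = []
    for line in capture.splitlines():
        m = QUERY_RE.match(line)
        if m is None:
            continue
        q = m.groupdict()
        q["rd"] = "+" in q.pop("flags")
        queries.append(q)
    return queries


def classify(q):
    """Say what kind of outbound traffic a single query represents."""
    if q["dst"] in FORWARDERS:
        return "to-forwarder"      # named relaying through the provider
    if not q["rd"]:
        return "iterative"         # named resolving by itself (roots/authoritatives)
    return "other-recursive"       # RD set but not to a forwarder: a stub resolver


def arpa_to_ip(qname):
    """'4.0.41.198.in-addr.arpa.' -> '198.41.0.4'; None if not an IPv4 PTR name."""
    labels = qname.rstrip(".").split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    return ".".join(reversed(labels[:4]))


def summarize(capture):
    """Aggregate a capture into counts a dial-on-demand admin can act on."""
    queries = parse_queries(capture)
    by_kind = Counter(classify(q) for q in queries)
    by_dst = Counter(q["dst"] for q in queries)
    ptr_targets = [arpa_to_ip(q["qname"]) for q in queries if q["qtype"] == "PTR"]
    # PTR lookups of addresses that are themselves destinations in the same
    # capture point at a tool resolving names on the fly (tcpdump without -n):
    # every packet it prints triggers another packet to print.
    self_inflicted = sorted(ip for ip in ptr_targets if ip in by_dst)
    return {
        "queries": len(queries),
        "by_kind": dict(by_kind),
        "by_dst": dict(by_dst),
        "ptr_queries": len(ptr_targets),
        "self_inflicted_ptr": self_inflicted,
    }


if __name__ == "__main__":
    import json
    import sys
    # Pipe a real `tcpdump -n -l port 53` into stdin, or run with no input
    # to see the constructed sample summarised.
    capture = SAMPLE_CAPTURE if sys.stdin.isatty() else sys.stdin.read()
    print(json.dumps(summarize(capture), indent=2))
```

A high "to-forwarder" count against a small "iterative" count is what the quoted config produces: with a `forwarders` list and no `forward only`, BIND tries the forwarders first and only resolves on its own when they fail, so dropping the forwarders changes which addresses the link comes up for but not, by itself, whether it comes up. Anything in "self_inflicted_ptr" is traffic the observer created and disappears once tcpdump is run with "-n".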

