DNS timeouts seems to not be forwarding

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Fri Feb 7 22:18:41 UTC 2003 

Gary <gsebel at hotmail.com> wrote:

> I manage DNS servers and every few days/weeks this one locks up and
> will not work. We try to do local lookups and we get DNS timeouts.

> It is split DNS with the internal forwarding to the public interface.

> What i see is the internal interface sending the request to forwarder
> and it does not respond, it is as if it keeps sending request to the
> forwarder but the forwarder does  not know how to talk to it.  If i
> restart the 2 named procs the internal one will work responding for
> its local entries but even this after a few minutes will slow down and
> eventually stop working. The external interface however is fine while
> this is happening. Although the internal named proc can not speak
> properly to public named process i can go from an outside machine
> connect to the server and do lookups.  It is just my other named
> process that is trying to forward that is failing to forward and after
> a few tries can not look up local queries either, so just hangs
> causing issue to the machines speaking to it.

> And finally, the only time the problem is fixed is on a full reboot of
> the OS.
>  
> All works fine internal does queries to itself w/o slowing down and
> eventually failling, and the internal inteface can query the public
> interface as the forwarding starts to work w/o issue. And wont have a
> problem again for a few days or a week.

> i am running solaris 8, named 8.2.6-REL ( can not upgrade this server
> to 8.3.X or 9.X b/c of some legacy issue)

> any suggestions or clues to help figure out the problem would be
> apprieciated.
> -gary

Sounds like an OS problem.

Running 2 named might not be the most "safe" solution, neither does running 
an outdated named.  I'll suggest you install the internal server on a new machine
located inside.



-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.

More information about the bind-users mailing list