Problem with some domains and some domain resolved
Nayeem
nayeem at ksa.zajil.com
Wed Jul 11 10:42:22 UTC 2007
Thanks every one that problem solved, I implement 2 things that first
blackhole option for some IPs which I saw using tcpdump that to many request
and recursive-clients to 5000.
When I was inform to our network team that may be problem in network
yesterday but they refused to have problem in firewall, connectivity or
routing.
So it could be possible that More request from some IPs will stop to resolve
domain name ?
Is there any utility to get information that to get IP which effecting DNS
Server.
Regards,
Nayeem.
-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On Behalf
Of Niall O'Reilly
Sent: Wednesday, July 11, 2007 12:05 PM
To: Nayeem
Cc: Niall O'Reilly; bind-users at isc.org List
Subject: Re: Problem with some domains and some domain resolved
On 10 Jul 2007, at 21:39, Dawn Connelly wrote:
> no more recursive clients: quota reached usually indicates that
> your DNS
> server is overloaded. [ ... ] that means that something is DoS'ing
> your server.
In our environment, this kind of overload is typically due to loss
of a network link. We have a couple of outlying campuses with only
one link. Local clients continue making requests, but the
resolving server can't reach any authority for the names queried.
The queue just grows until the limit is reached. Tuning the limit
in these circumstances has only a cosmetic effect.
I would suggest checking connectivity, routing, firewalls, and
so on.
Best regards,
Niall O'Reilly
University College Dublin IT Services
PGP key ID: AE995ED9 (see www.pgp.net)
Fingerprint: 23DC C6DE 8874 2432 2BE0 3905 7987 E48D AE99 5ED9
More information about the bind-users
mailing list