BIND 9.7 behavior - lack of response causes
Fr34k
freaknetboy at yahoo.com
Mon Apr 4 19:58:17 UTC 2011
Hello,
Given: BIND 9.7.2-P2 on Solaris 10.
For about an hour, I had a network event where a caching DNS server could not
get recursive queries back from authoritative DNS servers on the Internet.
Obviously, this is a problem.
Moreover, the authority for our most popular hostnames have set very low TTLs
(less than a minute), so nothing in cache for the server to call upon during
this hour long event.
Yuck.
A snoop of port 53 traffic at the time shows client PCs requested hostname
resolution -- as they would normally do.
Now, for the interesting part.
>From the same snoop of traffic, the caching DNS server did not send ANY response
back to these PC clients for these low TTL popular hostnames.
Keep in mind that I did snoop until *after* the event started.
So, it may be the case that some BIND mechanism was behaving appropriate for
queries which it could not act upon. I can appreciate that BIND makes decisions
with network performance in mind.
In my attempts to understand negative caching, Sections 7.1 and 7.2 of RFC 2308
list Server Failure and Dead / Unreachable Server as "(OPTIONAL)" utilities.
Bind 9.7 ARM says that "the server stores negative answers" for (default) 3
hours; however, I'm not sure what the expected BIND behavior is.
Would some mechanism, such has max-ncache-ttl or clients-per-query, be
responsible for this lack of return traffic?
Anyone have ideas to share?
Thank you.
More information about the bind-users
mailing list