slow non-cached quries

TMK engtmk at gmail.com
Fri Sep 9 17:31:39 UTC 2011 

On Sep 8, 2011 1:31 PM, "TMK" <engtmk at gmail.com> wrote:
>
> On Tue, Sep 6, 2011 at 6:13 PM, TMK <engtmk at gmail.com> wrote:
> > On Sat, Sep 3, 2011 at 2:06 PM, TMK <engtmk at gmail.com> wrote:
> >>
> >>> Message: 1
> >>> Date: Fri, 2 Sep 2011 10:05:42 +0200
> >>
> >>> From: TMK <engtmk at gmail.com>
> >>> Subject: Re: Fwd: Re: slow non-cached quries
> >>> To: bind-users at lists.isc.org
> >>> Message-ID:
> >>>
> >>>  <CAAKgOtgCoQdSZ2FJC8Y3kL+bj1gUabSB0ohoxnu+DgT8fyF0Hg at mail.gmail.com>
> >>> Content-Type: text/plain; charset="iso-8859-1"
> >>>
> >>> On Sep 2, 2011 9:48 AM, "TMK" <engtmk at gmail.com> wrote:
> >>> >
> >>> > ---------- Forwarded message ----------
> >>> > From: "Leonard Mills" <lenm at yahoo.com>
> >>> > Date: Aug 31, 2011 8:15 PM
> >>> > Subject: Re: slow non-cached quries
> >>> > To: "TMK" <engtmk at gmail.com>
> >>> >
> >>> > ;; Received 738 bytes from 192.112.36.4#53(G.ROOT-SERVERS.NET) in
3133
> >>> > ms
> >>> >
> >>> > That pretty much is your delay.  Look to your intermediate network
> >>> segments, especially any smart devices.
> >>> >
> >>> >> ________________________________
> >>> >> From: TMK <engtmk at gmail.com>
> >>> >> To: Mark Andrews <marka at isc.org>
> >>> >> Cc: bind-users at isc.org
> >>> >> Sent: Wednesday, August 31, 2011 4:44 AM
> >>> >> Subject: Re: slow non-cached quries
> >>> >>
> >>> >> On Tue, Aug 30, 2011 at 9:26 AM, TMK <engtmk at gmail.com> wrote:
> >>> >>
> >>> >>
> >> Actually we have around 6 servers. All I need to do is to reduce the
> >> response time for the uncached responses as much as possible. So will
the
> >> master cache server save maybe 200 sec of the response time which is
good
> >> number is there any other way to force my server to contact gtld
servers
> >> closer to its geoloc in Africa to reduce the round trip times is that
> >> possible
> >
> > one of the worst responses time we captured on our network was for
> > domain : a.root-servers.net (this is represent 5% of our dns traffic).
> > we got response time up to 30 sec.
> >
> > I know this queries can be generated by viruses. but I need to know:
> >
> > why the bind responding so slowly to such domain > 30 sec and if there
> > is way to reduce such time.(even if it is query from a virus)
> >
> > Regards,
> >
>
> Dears,
>
> any recommendation would be much appreciated.
>
> Regards,

We have find the reason why our network analyzer report that bind is
responding to a.root-server.net in 30 sec.

Cause all the packets are having the same source port and the same
identification I'd which makes it impossible for it to determine the
query/response pairs.

Just one question why doesn't the bind drop such packets.

Can we use the quiries per client config to limit such quiries

Thx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110909/c945fe21/attachment.html>

More information about the bind-users mailing list