High recursive client counts
Sam Wilson
Sam.Wilson at ed.ac.uk
Wed Mar 26 09:02:02 UTC 2014
In article <mailman.2530.1395774135.20661.bind-users at lists.isc.org>,
Jason Brandt <jbrandt at fsmail.bradley.edu> wrote:
> For now, I've disabled DNS inspection on our firewall, as it is an ancient
> Cisco firewall services module, and that seems to have stabilized things,
> but it's only been 30 minutes or so. Until I get a few days in, I'll keep
> researching.
We used to run DNS inspection on our FWSMs. We didn't notice any issues
with DNS resolution per se, but we did find that turning it off dropped
the FWSM CPU from ~70% to less than 30%. We're not aware of any issues
that using DNS inspection might have caused.
Sam
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
More information about the bind-users
mailing list