High recursive client counts
Jason Brandt
jbrandt at fsmail.bradley.edu
Wed Mar 26 12:09:17 UTC 2014
The code on our FWSMs isn't the latest release, so that could be part of
the issue, but it's been about 16 hours now since I shut it off, and so far
so good. I would say though with the other load on our firewalls, it's
highly possible that they were being overloaded. Unfortunately our MRTG
isn't setup to track firewall CPU, so I can't say for sure.
Thanks,
Jason
On Wed, Mar 26, 2014 at 4:02 AM, Sam Wilson <Sam.Wilson at ed.ac.uk> wrote:
> In article <mailman.2530.1395774135.20661.bind-users at lists.isc.org>,
> Jason Brandt <jbrandt at fsmail.bradley.edu> wrote:
>
> > For now, I've disabled DNS inspection on our firewall, as it is an
> ancient
> > Cisco firewall services module, and that seems to have stabilized things,
> > but it's only been 30 minutes or so. Until I get a few days in, I'll
> keep
> > researching.
>
> We used to run DNS inspection on our FWSMs. We didn't notice any issues
> with DNS resolution per se, but we did find that turning it off dropped
> the FWSM CPU from ~70% to less than 30%. We're not aware of any issues
> that using DNS inspection might have caused.
>
> Sam
>
> --
> The University of Edinburgh is a charitable body, registered in
> Scotland, with registration number SC005336.
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
--
Jason K. Brandt
Systems Administrator
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20140326/9c75e1fe/attachment.html>
More information about the bind-users
mailing list