High recursive client counts
Jason Brandt
jbrandt at fsmail.bradley.edu
Wed Mar 26 12:57:29 UTC 2014
I had it set as:
policy-map global_policy
class inspection_default
inspect dns maximum-length 4096
Which is what Cisco recommends. EDNS tests worked fine, but the BIND
servers would still get backed up.
On Wed, Mar 26, 2014 at 7:35 AM, Thom, Paul E <Paul.Thom at ssc-spc.gc.ca>wrote:
> Do you have the FWSM DNS inspection configured to support EDNS. Not
> sure if I have seen ASA / PIX code causing that problem when EDNS support
> was not configured on the firewalls but it's something to look at.
>
>
>
>
>
> *From:* bind-users-bounces+paul.thom=dfo-mpo.gc.ca at lists.isc.org [mailto:
> bind-users-bounces+paul.thom=dfo-mpo.gc.ca at lists.isc.org] *On Behalf Of *Jason
> Brandt
> *Sent:* March-26-14 9:09 AM
> *To:* Sam Wilson
> *Cc:* comp-protocols-dns-bind at isc.org
> *Subject:* Re: High recursive client counts
>
>
>
> The code on our FWSMs isn't the latest release, so that could be part of
> the issue, but it's been about 16 hours now since I shut it off, and so far
> so good. I would say though with the other load on our firewalls, it's
> highly possible that they were being overloaded. Unfortunately our MRTG
> isn't setup to track firewall CPU, so I can't say for sure.
>
>
>
> Thanks,
>
> Jason
>
> --
>
> Jason K. Brandt
>
> Systems Administrator
>
>
>
--
Jason K. Brandt
Systems Administrator
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20140326/337667d3/attachment.html>
More information about the bind-users
mailing list