dns cache issue

Edwardo Garcia wdgarc88 at gmail.com
Thu Jan 10 05:05:41 UTC 2019


With the new Windows update last day, we noticed something strange: our local
DNS cache server times out on lookups.

For example, look up google.com; 1 minute later it fails with a timeout looking it up, but
since it has already looked it up it should have returned the answer from cache,
yes? google has a 5min TTL; my cache doesn't cache it for even 1ns, it seems.

QoS on the router gives DNS (UDP and TCP) and VoIP highest priority, everything
else is default. QoS must be working, because if I do
host www.google.com $externalDNSserver   I get an answer pretty much right
away; immediately trying again on our local DNS server, it times out, can't
connect to any servers.
This continues on; if I drop the LAN port on the switch that the Windows update
machine uses, it resolves google.com again; bring that port back up, and it
times out again.

This only happens under congestion, with our cable link maxed out.

(Never thought I'd see the day when a Windows PC would take out an entire
network.)

Below is my named.conf. I have to be missing something?

BIND 9.11.2-P1
running on Linux i686 3.16.58 #1 SMP Sat Sep 29 11:06:24 AEST 2018
built by make with defaults

acl "trusted" { localhost; 198.162.100.0/24; };
acl "sysop" { localhost; 192.168.100.6; };

options {
        directory "/var/named";
        allow-query { trusted; };
        allow-query-cache { trusted; };
        allow-transfer { sysop; };
        transfer-format many-answers;
        masterfile-format text;
        interface-interval 0;
        response-policy {zone "rpz.lan"; };
        dnssec-enable yes;
        dnssec-validation auto;
        empty-zones-enable yes;
};

server fe80::/16 { bogus yes; };

logging {
        category lame-servers { null; };
        category edns-disabled { null; };
        category client { null; };
        category dnssec { null; };
        //channel log_queries { file "/var/named/query.log"; print-category yes; };
        //category queries { log_queries; };
        channel log-rpz { file "/var/log/rpz.log" versions 10 25m; severity info; };
        category rpz { log-rpz; };
};

zone "." {
        type hint;
        file "root.cache";
};
zone "rpz.lan" {
        type master;
        file "rpz.lan";
        allow-query { trusted; };
        allow-update {none;};
        notify no;
};


zone "akamai.net" {
        type forward;
        forward first;
        forwarders { xxxxxx; xxxxxx; };
};
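The timeout-versus-cache question above is easier to answer with numbers than with host(1) by eye: a caching resolver hands back a TTL that has already counted down on the second query, while an answer fetched upstream again comes back with the full TTL (google.com's 300 s in the post). The script below is an added example, not part of the original message or of BIND; it builds an A query with the standard library only, sends it twice to a resolver and compares the two TTLs. The resolver address 127.0.0.1, the 2 s timeout and the 1 s pause between queries are assumptions, and the embedded response bytes are a constructed sample used to self-check the parser offline.

```python
"""Probe whether a resolver serves a name from cache, by comparing answer TTLs.

Added example (not from the original post or BIND). Uses only the standard
library: the query is built and the response parsed with struct.
"""
import random
import socket
import struct
import time

RESOLVER = "127.0.0.1"      # assumption: the local BIND cache from the post
TIMEOUT_SECONDS = 2.0       # assumption: treat no reply within 2 s as a timeout
PAUSE_SECONDS = 1.0         # assumption: wait so a cached TTL has time to count down


def build_query(name, qid):
    """Return a recursive A/IN query for `name` with transaction id `qid`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)   # RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)            # QTYPE=A, QCLASS=IN


def skip_name(data, offset):
    """Return the offset just past a domain name, plain or compression pointer."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:      # 2-byte pointer ends the name
            return offset + 2
        offset += 1 + length


def parse_answer_ttls(data, expected_qid):
    """Return TTLs of the A records in the answer section, [] if the reply is unusable."""
    if len(data) < 12:
        return []
    qid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if qid != expected_qid or flags & 0x000F != 0:   # wrong id or RCODE != NOERROR
        return []
    offset = 12
    for _ in range(qdcount):
        offset = skip_name(data, offset) + 4         # QTYPE + QCLASS
    ttls = []
    for _ in range(ancount):
        offset = skip_name(data, offset)
        rtype, rclass, ttl, rdlength = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10 + rdlength
        if rtype == 1 and rclass == 1:
            ttls.append(ttl)
    return ttls


def query_ttl(resolver, name, timeout=TIMEOUT_SECONDS):
    """Send one query; return the smallest answer TTL, or None on timeout/bad reply."""
    qid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qid), (resolver, 53))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return None
    ttls = parse_answer_ttls(data, qid)
    return min(ttls) if ttls else None


def cache_verdict(first_ttl, second_ttl):
    """Classify the pair of TTLs seen on two consecutive queries."""
    if second_ttl is None:
        return "timeout"                 # the symptom from the post
    if first_ttl is None:
        return "first-query-failed"
    if second_ttl < first_ttl:
        return "served-from-cache"       # TTL counted down: answer came from cache
    if second_ttl > first_ttl:
        return "refetched-upstream"      # TTL reset: nothing was served from cache
    return "inconclusive"                # same second; query again after a pause


# Constructed sample reply for qid 0x1234: google.com A 300 192.0.2.1 (documentation address)
SAMPLE_QID = 0x1234
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", SAMPLE_QID, 0x8180, 1, 1, 0, 0)
    + b"\x06google\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
)


def probe(resolver=RESOLVER, name="google.com"):
    """Query twice, PAUSE_SECONDS apart, and return (first_ttl, second_ttl, verdict)."""
    first = query_ttl(resolver, name)
    time.sleep(PAUSE_SECONDS)
    second = query_ttl(resolver, name)
    return first, second, cache_verdict(first, second)


if __name__ == "__main__":
    print("sample parse:", parse_answer_ttls(SAMPLE_RESPONSE, SAMPLE_QID))
    print("live probe:", probe())
```

Run it against the local cache while the link is congested and again with the Windows machine's switch port down: "served-from-cache" on the second query means the cache is fine and only the first, upstream-bound lookup is being lost, while "timeout" on the second query points at the resolver itself (or the path to it) rather than at the upstream fetch.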