From owner-freebsd-isp@FreeBSD.ORG Tue Apr 22 00:48:47 2003
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0C68037B401; Tue, 22 Apr 2003 00:48:47 -0700 (PDT)
Received: from sccrmhc01.attbi.com (sccrmhc01.attbi.com [204.127.202.61]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4C63243FDF; Tue, 22 Apr 2003 00:48:46 -0700 (PDT) (envelope-from DougB@freebsd.org)
Received: from master.gorean.org (12-234-22-23.client.attbi.com [12.234.22.23]) by sccrmhc01.attbi.com (sccrmhc01) with SMTP id <200304220748450010082obie>; Tue, 22 Apr 2003 07:48:45 +0000
Date: Tue, 22 Apr 2003 00:48:44 -0700 (PDT)
From: Doug Barton
To: Blake Swensen
In-Reply-To: <3EA45775.5060707@pyramus.com>
Message-ID: <20030422004227.O659@znfgre.tberna.bet>
References: <3EA45775.5060707@pyramus.com>
Organization: http://www.FreeBSD.org/
X-message-flag: Outlook -- Not just for spreading viruses anymore!
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: FreeBSD ISP List
Subject: Re: BIND and/or IPFW weirdness
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers
X-List-Received-Date: Tue, 22 Apr 2003 07:48:47 -0000

First, you should really buy, and read, "DNS and BIND, Fourth Edition." It
should help you get a better understanding of how the pieces fit together.

On Mon, 21 Apr 2003, Blake Swensen wrote:

> I have two systems (RELENG_4_3 vintage).

Well, you should definitely consider upgrading. A number of bugs have been
fixed since 4.3.

> Both are running BIND 8.4.3-REL

You have a time machine? :) The current version is 8.3.4.

> and both are running IPFW. One is acting as master DNS and the
> other is acting as slave for IP4 zones

DNS zones have no notion of IPv4 or IPv6. The contents of the zones might,
but the zones themselves don't.

> (about 65 domain names) outside our firewall. I also have an internal
> DNS server resolving our private addresses.
>
> Last week the named on the slave server started to peg systat's pig load
> to about 88%. After confirming that this wasn't a DOS attack with my
> ISP, I am still unable to get the DNS to calm down.... now the process
> load has extended to the master and systat is reporting about 90% load.
>
> Cannot determine why these systems are being hammered --

Have you turned on query logging? That should give you a pretty good idea.
Instructions for this are in the BIND docs. If you turn that on and don't
see actual queries, then it's time to tcpdump the traffic.

HTH,

Doug

--

This .signature sanitized for your protection
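Doug's suggestion is to turn on query logging and look at who is actually asking. The script below is an added example, not part of the original mail or of BIND, showing the next step once the log exists: summarising it by client address and by client/name pair so a single source or a single hammered name stands out. The log lines are constructed samples; the "XX /client/name/type/class" layout they follow is an assumption about BIND 8's query-log format, so adjust the awk field handling if your named writes something different.

```shell
#!/bin/sh
# Added example, not from the original post or from BIND: summarise a
# BIND 8 style query log to find which clients account for the load.

# Constructed sample log lines (assumed "XX /client/name/type/class" layout).
sample_log() {
cat <<'EOF'
Apr 22 00:40:01 ns2 named[412]: XX /192.0.2.10/www.example.net/A/IN
Apr 22 00:40:01 ns2 named[412]: XX /192.0.2.10/www.example.net/A/IN
Apr 22 00:40:02 ns2 named[412]: XX /198.51.100.7/mail.example.org/MX/IN
Apr 22 00:40:02 ns2 named[412]: XX /192.0.2.10/www.example.net/A/IN
Apr 22 00:40:03 ns2 named[412]: XX+ /203.0.113.5/example.com/SOA/IN
Apr 22 00:40:03 ns2 named[412]: XX /192.0.2.10/ftp.example.net/A/IN
EOF
}

# Queries per client address, busiest first.  Output: "<count> <client>".
top_sources() {
    awk '{
        # The query field is the one starting with "/"; splitting it on "/"
        # yields "", client, name, type, class.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^\//) { split($i, f, "/"); n[f[2]]++ }
    } END { for (c in n) print n[c], c }' | sort -rn
}

# Queries per (client, name) pair, to spot one name being asked for over and
# over by the same source.  Output: "<count> <client> <name>".
top_names() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^\//) { split($i, f, "/"); n[f[2] " " f[3]]++ }
    } END { for (k in n) print n[k], k }' | sort -rn
}

# Usage: run on the constructed sample, or feed the real log, e.g.
#   top_sources < /var/log/named.query
echo "queries per client:"
sample_log | top_sources
echo "queries per client and name:"
sample_log | top_names
```

With BIND 8, query logging can be toggled at run time with `ndc querylog`, or configured permanently through a `logging` statement with a `queries` category in named.conf. If the log stays quiet while the CPU does not, Doug's fallback applies: capture the traffic directly, for instance `tcpdump -n -i <iface> udp port 53` with the external interface substituted for the placeholder, and compare what arrives on the wire with what named reports.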