Re: slow non-cached quries

Sun, 11 Sep 2011 08:30:27 -0700

On 09.09.11 19:31, TMK wrote: >We have find the reason why our
network analyzer report that bind is >responding to a.root-server.net in 30 sec.
Oh, does gmail rewrap lines in incoming messages? In the same stupid way as Outlook does? Can you please turn it off? 


does your server respond to a.root-servers.net, or does 
a.root-servers.netrespond to your BIND?


On 09.09.11 22:34, TMK wrote:

A.root-server.net is query being sent from some of our clients.


Are they asking for IP Address of A.root-server.net?


who is sending those packets? Is that your BIND?



Like I said it is being send from some infected customers to our cache dns



If they are sending queries to your DNS cache, they can not affect 
where will it send further queries



>Just one question why doesn't the bind drop such packets.

apparently it does and that's why it's so slow...


No it doesn't the capture shows it has responded to every and packet of
those but dut to having the same source ports and the identification I'd the
traffic analyzer is unable to correctly link the requests with the replies.



same source port and identification? Do any answers come back? Coulr 
you please provide sample of tcpdump/wireshark logs to show at least 
2-3 outgoing and a few of incoming packets?



All those packets are from source port 3037


What is the destination port?

Does your BIND lie behind some proxy, filter or firewall that can 
affect source port?

Or, does your BIND have configured port 3037 for outgoing queries?


Note that BIND versions released in last 3 years randomize source ports 
unless they are told not to do so (which is very bad idea, unless 
someone does that for them).



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
REALITY.SYS corrupted. Press any key to reboot Universe.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users























					Reply via email to