On 12/19/2011 11:14 PM, Mark Jeftovic wrote:
> And it sorta almost works. Except what happens when we restart or reconfigure bind is that the number of recursive clients skyrockets to the maximum (currently the default 1000) in under a minute and then everything starts failing or timing out with a lot of those aforementioned log messages.
Interesting. It sounds like when you enable those queries, the nameserver suddenly starts emitting queries which aren't getting timely replies.
Do you have a "clean" path from that nameserver to the internet? No firewall enforcing DNS packet "size limits" or blocking TCP queries?
It will be a lot of data, but a tcpdump started just before making the changes might show some obvious patterns that point you in the right direction.
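An added example, not part of the original message: one way to look for those patterns is to pair each outgoing query with its reply and count, per upstream server, what went unanswered, came back slowly, or came back truncated. It assumes the default text output of `tcpdump -n` for UDP port 53; the sample lines, the addresses, the 0.5 second threshold and the `analyze` name are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the default text format of `tcpdump -n udp port 53`.
# 192.0.2.10 plays the resolver; all addresses are documentation ranges.
SAMPLE = """\
12:00:00.000100 IP 192.0.2.10.40001 > 198.51.100.1.53: 1001 [1au] A? example.com. (40)
12:00:00.000200 IP 192.0.2.10.40002 > 198.51.100.2.53: 1002 [1au] A? example.net. (40)
12:00:00.020300 IP 198.51.100.1.53 > 192.0.2.10.40001: 1001*- 1/0/1 A 203.0.113.5 (56)
12:00:00.800200 IP 192.0.2.10.40003 > 198.51.100.2.53: 1003 [1au] A? example.net. (40)
12:00:01.000500 IP 192.0.2.10.40004 > 198.51.100.3.53: 1004 [1au] A? example.org. (40)
12:00:01.030500 IP 198.51.100.3.53 > 192.0.2.10.40004: 1004*-| 0/0/1 (40)
"""

# time, src ip.port, dst ip.port, DNS message id, remainder of the line
LINE = re.compile(r"^(\d+):(\d+):(\d+\.\d+) IP (\S+)\.(\d+) > (\S+)\.(\d+): (\d+)(.*)$")

def analyze(capture, slow=0.5):
    """Per upstream server: queries sent, answered, slow, truncated, unanswered."""
    pending = {}  # (upstream ip, resolver port, id) -> time the query left
    stats = defaultdict(lambda: dict(sent=0, answered=0, slow=0, truncated=0))
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # TCP segments, ICMP errors, other traffic
        h, mi, s, src, sport, dst, dport, qid, rest = m.groups()
        t = int(h) * 3600 + int(mi) * 60 + float(s)  # assumes no midnight wrap
        if dport == "53":  # query leaving the resolver
            pending[(dst, sport, qid)] = t
            stats[dst]["sent"] += 1
        elif sport == "53":  # reply coming back
            sent = pending.pop((src, dport, qid), None)
            if sent is None:
                continue  # reply to a query sent before the capture began
            st = stats[src]
            st["answered"] += 1
            st["slow"] += int(t - sent > slow)
            # tcpdump prints "|" among the flags before the answer counts when TC is set
            st["truncated"] += int("|" in rest.split("/")[0])
    for st in stats.values():
        st["unanswered"] = st["sent"] - st["answered"]
    return dict(stats)

if __name__ == "__main__":
    for server, st in sorted(analyze(SAMPLE).items()):
        print(server, st)
```

Unanswered queries concentrated on a few servers point at the path to those servers, while truncated replies matter because the resolver then has to retry over TCP, which is where a firewall blocking TCP port 53 would show up.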