Hello Alan -
I will do an upgrade as soon as I get a chance - a bit tied up right now.
But in any case, since I posted this I've done some query logging for a
bit and find that I'm getting an average of about 60 queries per second.
All the dns queries are coming in via udp - the connections I mentioned
are likewise udp. As I mentioned before, netstat shows the udp Recv-Q
filling up on the two IPs on that server that are taking the requests.
There's a basic firewall setup on the server, only ports I need are open:
Chain INPUT (policy ACCEPT)
target     prot opt source     destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0  0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source     destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0  0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source     destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source     destination
ACCEPT     all  --  0.0.0.0/0  0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0  0.0.0.0/0  icmp type 255
ACCEPT     esp  --  0.0.0.0/0  0.0.0.0/0
ACCEPT     ah   --  0.0.0.0/0  0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0  224.0.0.251  udp dpt:5353
ACCEPT     udp  --  0.0.0.0/0  0.0.0.0/0  udp dpt:631
ACCEPT     tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:631
ACCEPT     all  --  0.0.0.0/0  0.0.0.0/0  state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0  0.0.0.0/0  state NEW tcp dpt:10022
ACCEPT     udp  --  0.0.0.0/0  0.0.0.0/0  state NEW udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0  0.0.0.0/0  state NEW tcp dpt:53
ACCEPT     tcp  --  0.0.0.0/0  0.0.0.0/0  state NEW tcp dpt:5900
ACCEPT     tcp  --  0.0.0.0/0  0.0.0.0/0  state NEW tcp dpt:5901
ACCEPT     tcp  --  0.0.0.0/0  0.0.0.0/0  state NEW tcp dpt:8550
REJECT     all  --  0.0.0.0/0  0.0.0.0/0  reject-with icmp-host-prohibited
As far as recursing goes:
/usr/sbin/rndc recursing
rndc: 'recursing' failed: permission denied
Any ideas are welcome....
Ed
On 11/10/2012 3:46 PM, Alan Clegg wrote:
On Nov 10, 2012, at 1:39 PM, Ed LaFrance <e...@connexinternet.com> wrote:
When I check the router above this server I'll see 200 - 500
legitimate connections to this server at any given time.
Having sent my snarky "update" e-mail, I now ask... you say later in
the mail that you are doing about 20 queries per second (which I
agree should be handled by any hardware with more oomph than a
Z-80).
I'm curious as to what these "200-500 legitimate connections" are.
Are they TCP? If so, are you seeing lots of TCP connections hanging
around? Do you have some firewall in the midst of this that might be
messing around with TCP connections?
If you do a "rndc recursing", what do you get?
If you are only doing 20-30 transactions per second, the stats on the
UDP counts would have taken a long time to get there... something
doesn't add up.
AlanC
--
(800) 362-7579 ext 1
+-------------------------------------------------------+
+ Colocation Dedicated Servers IPv4 & IPv6 Transit +
+-------------------------------------------------------+
Connex Internet Services, Inc. direct: (916) 265-1568
11230 Gold Express Dr #310-313 fax: (916) 880-5663
Gold River, CA 95670 http://connexinternet.com
+-------------------------------------------------------+
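An added example, not part of the thread, of the kind of rate check the query logging Ed mentions makes possible: it parses BIND 9 query-log lines (the sample lines below are constructed, using documentation-range addresses), computes average and peak queries per second, and lists clients responsible for a disproportionate share of the load, which is the first thing to look at when the UDP Recv-Q on port 53 keeps filling.

```python
import re
from collections import Counter
from datetime import datetime

# BIND 9 query-log line from the "queries" category. Older releases omit the
# "queries: info:" prefix and the trailing "(server-ip)", so both are optional.
LOG_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ "
    r"(?:queries: \w+: )?client (?P<ip>[0-9a-fA-F.:]+)#\d+: "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

# Constructed sample log; the last line is noise that must be skipped.
SAMPLE = """\
10-Nov-2012 15:46:01.101 client 192.0.2.10#40001: query: example.com IN A +
10-Nov-2012 15:46:01.205 client 192.0.2.10#40002: query: example.com IN ANY +
10-Nov-2012 15:46:01.310 client 198.51.100.7#53011: query: www.example.net IN AAAA +
10-Nov-2012 15:46:02.015 client 192.0.2.10#40003: query: example.com IN ANY +
10-Nov-2012 15:46:02.020 queries: info: client 192.0.2.10#40004: query: example.com IN ANY + (203.0.113.5)
10-Nov-2012 15:46:03.400 client 203.0.113.9#1234: query: mail.example.org IN MX +
garbage line that should be ignored
""".splitlines()


def summarize(lines):
    """Return (average qps over the logged span, peak qps, Counter of queries per client IP)."""
    per_second = Counter()
    clients = Counter()
    first = last = None
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%d-%b-%Y %H:%M:%S")
        per_second[ts] += 1
        clients[m.group("ip")] += 1
        first = ts if first is None else min(first, ts)
        last = ts if last is None else max(last, ts)
    total = sum(per_second.values())
    if total == 0:
        return 0.0, 0, clients
    span = (last - first).total_seconds() + 1  # inclusive of the last second
    return total / span, max(per_second.values()), clients


def top_talkers(clients, share):
    """Clients that sent more than `share` (0..1) of all queries, busiest first."""
    total = sum(clients.values())
    return [(ip, n) for ip, n in clients.most_common() if n / total > share]


if __name__ == "__main__":
    avg, peak, clients = summarize(SAMPLE)
    print(f"avg {avg:.1f} qps, peak {peak} qps, top talkers: {top_talkers(clients, 0.5)}")
```

On a real server, feed it `named`'s query log instead of SAMPLE; one source sending ANY queries at a rate far above the rest is the usual cause of a Recv-Q backlog at only 60 qps and is cheap to rate-limit at the firewall.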