Hello Alan -

I will do an upgrade as soon as I get a chance - a bit tied up right now. But in any case, since I posted this I've done some query logging for a bit and find that I'm getting an average of about 60 queries per second. All the DNS queries are coming in via UDP - the connections I mentioned are likewise UDP. As I mentioned before, netstat shows the UDP Recv-Q filling up on the two IPs on that server that are taking the requests.

There's a basic firewall setup on the server; only the ports I need are open:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:10022
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:5900
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:5901
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8550
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

As far as recursing goes:

/usr/sbin/rndc recursing
rndc: 'recursing' failed: permission denied

Any ideas are welcome....

Ed


On 11/10/2012 3:46 PM, Alan Clegg wrote:

On Nov 10, 2012, at 1:39 PM, Ed LaFrance <e...@connexinternet.com> wrote:

When I check the router above this server I'll see 200 - 500
legitimate connections to this server at any given time.

Having sent my snarky "update" e-mail, I now ask... you say later in
the mail that you are doing about 20 queries per second (which I
agree should be handled by any hardware with more oomph than a
Z-80).

I'm curious as to what these "200-500 legitimate connections" are.
Are they TCP?  If so, are you seeing lots of TCP connections hanging
around?  Do you have some firewall in the midst of this that might be
messing around with TCP connections?

If you do a "rndc recursing", what do you get?

If you are only doing 20-30 transactions per second, the stats on the
UDP counts would have taken a long time to get there... something
doesn't add up.

AlanC
--
(800) 362-7579 ext 1

+-------------------------------------------------------+
+ Colocation    Dedicated Servers   IPv4 & IPv6 Transit +
+-------------------------------------------------------+
Connex Internet Services, Inc.     direct: (916) 265-1568
11230 Gold Express Dr #310-313        fax: (916) 880-5663
Gold River, CA 95670            http://connexinternet.com
+-------------------------------------------------------+
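Added example (not part of the thread above, and not Ed's or Alan's code): a small POSIX shell script that does the two checks the thread turns on, namely finding UDP port-53 sockets whose Recv-Q is backing up, and turning a BIND query log into per-second rates, busiest clients and the share of queries that have the RD (recursion desired) flag set. The netstat and query-log lines are constructed samples embedded in the script; the query-log layout assumed is BIND 9's default `client IP#port: query: NAME CLASS TYPE FLAGS (SERVER)` line, where a leading `+` in the flags field means RD was set, so adjust the awk field numbers if your version logs extra tokens such as the view name. On a live box replace the two sample variables with `netstat -anu` (or `ss -ulnm`) output and the real query log. One added note on the `rndc recursing` result: that command makes named write a `named.recursing` file in its working directory, so a "permission denied" answer is commonly named itself lacking write access there, which is worth checking before reading anything into the recursion numbers.

```shell
#!/bin/sh
# Constructed sample of `netstat -anu` output (not from the original thread).
NETSTAT_SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp   213888      0 192.0.2.10:53           0.0.0.0:*
udp        0      0 192.0.2.11:53           0.0.0.0:*
udp        0      0 127.0.0.1:53            0.0.0.0:*
udp        0      0 0.0.0.0:631             0.0.0.0:*'

# Constructed BIND 9 query-log lines (not from the original thread).
# Fields: date time "client" ip#port: "query:" name class type flags (server)
QUERYLOG_SAMPLE='10-Nov-2012 15:46:01.101 client 198.51.100.7#41002: query: www.example.com IN A + (192.0.2.10)
10-Nov-2012 15:46:01.455 client 198.51.100.7#41003: query: example.com IN MX + (192.0.2.10)
10-Nov-2012 15:46:01.812 client 203.0.113.9#53021: query: ns1.example.com IN AAAA - (192.0.2.11)
10-Nov-2012 15:46:02.020 client 198.51.100.7#41004: query: example.com IN ANY + (192.0.2.10)
10-Nov-2012 15:46:03.640 client 203.0.113.9#53022: query: example.com IN SOA - (192.0.2.11)'

# Print "local-address recv-q" for every UDP port-53 socket whose receive
# queue is non-empty; a persistently non-zero value means named is not
# draining the socket as fast as queries arrive.
udp53_backlog() {
    printf '%s\n' "$NETSTAT_SAMPLE" |
        awk '$1 == "udp" && $4 ~ /:53$/ && $2 + 0 > 0 { print $4, $2 }'
}

# One line per wall-clock second with the number of queries logged in it,
# in the form "HH:MM:SS count", sorted by time.
qps_buckets() {
    printf '%s\n' "$QUERYLOG_SAMPLE" |
        awk '/ query: / { split($2, t, "."); n[t[1]]++ }
             END { for (s in n) print s, n[s] }' | sort
}

# Highest per-second query count seen in the sample.
peak_qps() {
    qps_buckets | awk 'BEGIN { m = 0 } { if ($2 > m) m = $2 } END { print m }'
}

# Querying client IPs (with the "#port:" suffix stripped), busiest first,
# as "count ip".
top_clients() {
    printf '%s\n' "$QUERYLOG_SAMPLE" |
        awk '/ query: / { sub(/#.*/, "", $4); c[$4]++ }
             END { for (ip in c) print c[ip], ip }' | sort -rn
}

# Number of logged queries that asked for recursion (flags field starts
# with "+"); compare with the total to see how much of the load is
# recursive rather than authoritative.
rd_set_count() {
    printf '%s\n' "$QUERYLOG_SAMPLE" |
        awk '/ query: / && $9 ~ /^\+/ { n++ } END { print n + 0 }'
}

# Usage when run directly:
echo "UDP :53 sockets with a backlog:"; udp53_backlog
echo "Queries per second:";            qps_buckets
echo "Peak qps: $(peak_qps)"
echo "Top clients:";                   top_clients
echo "Queries with RD set: $(rd_set_count)"
```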
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
