Re: bind-users Digest, Vol 1361, Issue 2

Sun, 11 Nov 2012 14:18:05 -0800

Did not get your post for some reason. I am running IP tables with a simple firewall setup. No idea on ip_conntrack. How do I check and if so, what setting should I try and how do I do it? 

Thanks!
Ed


----------------------------------------------------------------------

Message: 1
Date: Sun, 11 Nov 2012 12:41:53 +0000 (GMT)
From: "G.W. Haywood"<b...@jubileegroup.co.uk>
To:bind-users@lists.isc.org
Subject: Re: Need to improve named performance
Message-ID:
        <pine.lnx.4.64.1211111236160.19...@mail5.jubileegroup.co.uk>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

Hi there,

On Sun, 11 Nov 2012, Ed LaFrance wrote:


>  Running BIND 9.3.6-P1-RedHat-9.3.6-16.P1.el5 ...

Somebody already said upgrade.  Generally that's the first thing to do
in a case like this (before asking on mailing lists:).


>  The issue is that named is not keeping up with rdns requests. The
>  nameserver is only doing rdns, and it's the only public process on the
>  server (no webhosting, monitoring, etc).
>
>  When I check the router above this server I'll see 200 - 500 legitimate
>  connections to this server at any given time. ...

I'm not convinced that BIND is the problem.  What does 'top' tell you?

Are you running netfilter/iptables on the box?  Might be ip_conntrack.
I once had an issue with a lot of dropped TCP connections, each of
which was hanging around for five days (the default).  They filled the
connection tracking table.  The default is too long, ridiculously so.
After I reduced it to something more reasonable the problem went away.

--

73,
Ged.



--
(800) 362-7579 ext 1

+-------------------------------------------------------+
+ Colocation    Dedicated Servers   IPv4 & IPv6 Transit +
+-------------------------------------------------------+
Connex Internet Services, Inc.     direct: (916) 265-1568
11230 Gold Express Dr #310-313        fax: (916) 880-5663
Gold River, CA 95670            http://connexinternet.com
+-------------------------------------------------------+
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to