The code on our FWSMs isn't the latest release, so that could be part of the issue, but it's been about 16 hours now since I shut it off, and so far so good. I would say, though, with the other load on our firewalls, it's highly possible that they were being overloaded. Unfortunately our MRTG isn't set up to track firewall CPU, so I can't say for sure.

Thanks,
Jason

On Wed, Mar 26, 2014 at 4:02 AM, Sam Wilson <sam.wil...@ed.ac.uk> wrote:

> In article <mailman.2530.1395774135.20661.bind-us...@lists.isc.org>,
> Jason Brandt <jbra...@fsmail.bradley.edu> wrote:
>
> > For now, I've disabled DNS inspection on our firewall, as it is an ancient
> > Cisco firewall services module, and that seems to have stabilized things,
> > but it's only been 30 minutes or so. Until I get a few days in, I'll keep
> > researching.
>
> We used to run DNS inspection on our FWSMs. We didn't notice any issues
> with DNS resolution per se, but we did find that turning it off dropped
> the FWSM CPU from ~70% to less than 30%. We're not aware of any issues
> that using DNS inspection might have caused.
>
> Sam
>
> --
> The University of Edinburgh is a charitable body, registered in
> Scotland, with registration number SC005336.
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>

--
Jason K. Brandt
Systems Administrator