Hi Tony, Nope, my server is not an open resolver, but a lot of clients are using it :) - Actually one of my customers had a broken netgear device that was making 1000 qps for time-g.netgear.com. Probably some kind of software bug.
I can recommend dnstop to find "bad dns clients" - But dnstop also showed me I'm getting 5-7K qps, and not 700-800 as collectd showed me. Do you think this is too much for a VM? - My VM is only loaded 50% on each core. /Søren -----Oprindelig meddelelse----- Fra: Tony Finch [mailto:fa...@hermes.cam.ac.uk] På vegne af Tony Finch Sendt: 4. december 2015 13:34 Til: Søren Andersen <s...@stofa.dk> Cc: bind-users@lists.isc.org Emne: Re: Bind bind high recv-q Søren Andersen <s...@stofa.dk> wrote: > > I'm experiencing some strange problems with my bind installation. - I > notice my bind recv-q is quite high sometimes.. therefore my DNS > clients can experience DNS lookup to take 1-4 secs. My bind is running > on a 4 core vm I VMware with 8Gb ram. - At peak I receive app. 700-800 > QPS. - The load is 20-40% on each CPU core. - I've also configured 2 RPZ > zones. Is your server an open resolver being used as part of a DDoS attack? Do you have compromised client machines running malware that hammers your server? Find out where the queries are coming from using netflow or tcpdump or query logging. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ Southeast Iceland: Southeasterly 6 to gale 8, becoming cyclonic 7 to severe gale 9, then veering westerly gale 8 to storm 10, perhaps violent storm 11 later. High or very high later. Wintry showers. Moderate or poor, occasionally very poor. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
