On Wednesday, September 21, 2016 at 1:04:50 AM UTC-7, Matus UHLAR - fantomas wrote:
> On 20.09.16 20:27, blrmaani wrote:
> >I have a DNS server (which is both forwarder and authoritative NS) and I see
> >this odd behavior locally on the host:
> >
> >dig @localhost <name> # returns immediately with right response
> >
> >dig @<host-local-ip-on-eth0> <name> # returns sometimes, times out most of
> >the time
> >
> >
> >I have allow-query {any;} in BIND config and the <name> above is local on
> >the host (obtained via slaving). The listen-on is set to 'any' on port-53
> >
> >What am I missing? Why this odd behavior?
>
> a firewall probably?
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Atheism is a non-prophet organization.

I checked for a firewall and didn't find any locally on the host (no tcpwrapper enabled). Also, during this behavior, I saw lots of UDP packet loss on the host:

    netstat -s | egrep -A4 "Udp:"
    ... ..

I tried similar local queries when traffic reduced (and when UDP pkt loss was zero) and both local queries succeeded. Still struggling to identify the root cause.

PS: There were several NXDOMAIN queries (around 95%) sent to this DNS server during peak hours and NXDOMAIN reduced after business hours.
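
An added example, not part of the original post: one way to turn the UDP counters behind `netstat -s` into per-interval deltas, so drops can be lined up with the periods when `dig` times out. It reads text in the Linux `/proc/net/snmp` format; the two snapshots and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample snapshots in /proc/net/snmp format (not data from the post).
SNAP_BEFORE='Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
Udp: 1000000 120 500 990000 480 0'
SNAP_AFTER='Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
Udp: 1090000 130 10500 1075000 10480 0'

# udp_counter SNAPSHOT NAME: print the value of one named Udp counter.
# The first "Udp:" line is the header, the second carries the values.
udp_counter() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 == "Udp:" && !seen { for (i = 2; i <= NF; i++) col[$i] = i; seen = 1; next }
        $1 == "Udp:"          { if (want in col) print $(col[want]); exit }'
}

# udp_delta BEFORE AFTER NAME: print how much a counter grew between snapshots.
udp_delta() {
    before=$(udp_counter "$1" "$3")
    after=$(udp_counter "$2" "$3")
    echo $((after - before))
}

# udp_drop_pct BEFORE AFTER: integer percentage of arriving datagrams counted
# as InErrors (not delivered to a socket) during the interval.
udp_drop_pct() {
    delivered=$(udp_delta "$1" "$2" InDatagrams)
    errors=$(udp_delta "$1" "$2" InErrors)
    total=$((delivered + errors))
    if [ "$total" -le 0 ]; then echo 0; return; fi
    echo $((errors * 100 / total))
}

# RcvbufErrors counts datagrams dropped because a socket receive buffer was full;
# comparing it with InErrors shows how much of the loss is of that kind.
printf 'InErrors +%s, RcvbufErrors +%s, drop %s%%\n' \
    "$(udp_delta "$SNAP_BEFORE" "$SNAP_AFTER" InErrors)" \
    "$(udp_delta "$SNAP_BEFORE" "$SNAP_AFTER" RcvbufErrors)" \
    "$(udp_drop_pct "$SNAP_BEFORE" "$SNAP_AFTER")"
```

On a live host the snapshots would come from `"$(cat /proc/net/snmp)"` taken a fixed interval apart, once during peak hours and once after.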