-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Tue, 2018-09-11 at 14:19 -0400, Alex wrote: > This is when our 20mbs cable upstream link was saturated and resulted > in DNS query timeout errors. resulting in these SERVFAIL messages.
Not specific to dns, but this looks like a bufferbloat problem, which is common with cable modems. When the upstream link is saturated, the buffers in the interface device (cable modem or possibly a standalone router) become full. If there is a lot of buffer space, the latency becomes very large, and that will cause many problems, including issues with dns. A partial fix is to prioritize small packets like dns queries and tcp acks, so they don't wait behind a large queue of full size packets. A more complete fix is switching to fq-codel queue discipline. google for bufferbloat for more details. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAluYDHMACgkQL6j7milTFsEqXwCffaR+fwcqpoEHPisw86Q49+Kw o0cAn0Q5LV1FXk2r1fiTqYZIlsa9xH3s =yp3H -----END PGP SIGNATURE----- _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users