2010/9/10, Chris Cappuccio <ch...@nmedia.net>: > Stop using ALTQ on your DNS server, perhaps? That may be what is causing > the back-pressure that you're seeing.
Why do you think it would help? Those lots of packets would arrive anyway, only the decent user will wait longer for his website to load. Fortunately altq has the qlimit attribute. > Look at unbound, which is going to replace named anyways? Already did. But we NAT quite a lot, hence the two DNS views and I'm not going to handle two separate daemons unless I'll have to. Besides, I can see NSD in my cvs tree, not unbound :-) The only thing that bothers me on OpenBSD's bind is the lack of support for NSEC3. Of course only from the user's point of view... -- Martin Pelikan
