Martin Pelikán [martin.peli...@gmail.com] wrote:
> 2010/9/10, Chris Cappuccio <ch...@nmedia.net>:
> > Stop using ALTQ on your DNS server, perhaps? That may be what is causing
> > the back-pressure that you're seeing.
>
> Why do you think it would help? Those lots of packets would arrive
> anyway, only the decent user will wait longer for his website to load.
> Fortunately altq has the qlimit attribute.
>
I don't see ALTQ buying you much of anything in most common scenarios that don't involve this box as a router. At the very least, I'd try deactivating it to see if there is any difference in behavior.

> > Look at unbound, which is going to replace named anyways?
>
> Already did. But we NAT quite a lot, hence the two DNS views and I'm
> not going to handle two separate daemons unless I'll have to.
> Besides, I can see NSD in my cvs tree, not unbound :-)
> The only thing that bothers me on OpenBSD's bind is the lack of
> support for NSEC3. Of course only from the user's point of view...
>

Well, if you are making heavy use of DNSSEC, nsd may be worth the effort. Doubly so, given the problems you are having with bind.