All,
In the last 12 hours, we've had repeated instances of named getting
wedged. The symptoms are:
* named consuming nearly 100% CPU, all in user-time
* lots of queries apparently not processed, and based on query
logging, a sharp drop in the rate of queries that are
* a very sharp drop (a
On 16.03.13 11:39, Phil Mayers wrote:
In the last 12 hours, we've had repeated instances of named getting
wedged. The symptoms are:
* named consuming nearly 100% CPU, all in user-time
* lots of queries apparently not processed, and based on query
logging, a sharp drop in the rate of queries th
On 03/16/2013 12:43 PM, Matus UHLAR - fantomas wrote:
On 16.03.13 11:39, Phil Mayers wrote:
In the last 12 hours, we've had repeated instances of named getting
wedged. The symptoms are:
* named consuming nearly 100% CPU, all in user-time
* lots of queries apparently not processed, and based on
> From: Phil Mayers
> >> In the last 12 hours, we've had repeated instances of named getting
> >> wedged. The symptoms are:
> >>
> >> * named consuming nearly 100% CPU, all in user-time
> >> * lots of queries apparently not processed, and based on query
> >> logging, a sharp drop in the rate of q
On 03/16/2013 02:21 PM, Vernon Schryver wrote:
From: Phil Mayers
In the last 12 hours, we've had repeated instances of named getting
wedged. The symptoms are:
* named consuming nearly 100% CPU, all in user-time
* lots of queries apparently not processed, and based on query
logging, a sharp d
> From: Phil Mayers
> If it's not RPZ, those xfr timings are very coincidental. But of course,
> I'm just guessing. It could be phase of the moon for all I know at this
> stage.
That only two large Spamahus transfers of the dozen transfers so
far this month were coincident with the problem sug
On 16 Mar 2013, at 14:59, Vernon Schryver wrote:
> My logs have these instances of transfers of rpz.spamhaus.org involving
> at least 100 messages during March (NTP disciplined UTC timestamps):
>
> 02-Mar-2013 21:45:42.511 07-Mar-2013 22:47:56.423 08-Mar-2013 03:19:46.419
> 08-Mar-2013 03:26:
Coincidentally yesterday ( 15, March ) at 1700 PST four of our name servers
were knocked off-line with similar large CPU spikes and no corresponding
spike in query requests.
We run Bind 9.9.2-P1 with RPZ feeds from Spamhaus and SURBL.
We are still investigating some other potential sources of the
On 03/16/2013 03:31 PM, Vernon Schryver wrote:
To debug and so have the least hope of eventually fixing this or
any similar problem, I would build BIND with -g and capture a core
file and associated libraries for a hung example,. Whether your
guess blaming RPZ is right or wrong, no progess is l
> I get no joy from port 80 at spamhaus.org now, so perhaps Spamhaus is
> under DoS attack yet again.
Yes, they are. Specifically spoofed source DNS-based amplification
attacks against 154.35.160.11 and 82.94.216.239. We're blocking about
100 Mbps of such traffic at our borders - I'm sure we're no
> From: Phil Mayers
> It's unfortunate I wasn't able to obtain one; gdb wasn't installed on
> the box, and I couldn't get the package installed because DNS was down.
Depending on the flavor of the system and its configuration, adding
lines to /etc/hosts can be effective for working around local
Hi all,
Please forgive me for posting here as its not especially Bind related.
I've noticed that some time in the last week or two routing between the
UK and India is now via the America's, Singapore, Tokyo and Bangalore.
Previously this used to hit the Euro trunk and head off to Mumbai
dir
On 03/16/2013 06:46 PM, Vernon Schryver wrote:
From: Phil Mayers
It's unfortunate I wasn't able to obtain one; gdb wasn't installed on
the box, and I couldn't get the package installed because DNS was down.
Depending on the flavor of the system and its configuration, adding
lines to /etc/ho
On 03/16/2013 06:52 PM, waynemerricks wrote:
Any help of where to go next would be appreciated, apologies in advance
if this is not suitable for the Bind lists.
Nanog? UKNof? Any other routing/ops-related list?
___
Please visit https://lists.isc.or
On Thu, Mar 14, 2013 at 10:29 PM, Manish Rane wrote:
> So the TTL value we are discussing here are individual NS TTL Value? Or
> the SOA Default TTL Value.
> When I viewed my ISP record I found that the SOA Default TTL Value is 12
> days and NS RR TTL Value is 3600 secs
>
The SOA does not and ne
15 matches
Mail list logo
