LinuxQuestions.org


cipher7836 08-05-2009 09:00 AM

BIND Issue With Timeouts?
 
We use Nagios to monitor our DNS server. We kept getting timeout notifications that the DNS service wasn't working. A minute later a follow-up notification would be sent that the DNS recovered and was working again. At first I thought it was a Nagios problem. But it seems as if Nagios is running correctly.

Now I'm tasked with trying to find out if the DNS server is slowing queries down, or not resolving them. I have no idea where to start with this. I checked the logs, and changed my Windows box to use the DNS server as its primary DNS. I figured that would show me if there is a slowdown on name resolution. Any other ideas?

MensaWater 08-05-2009 12:13 PM

It might be CPU load on the DNS server causing the timeout. Recently I saw some people hammering my DNS server and causing the load to go up (you can see load with the "top" command).

You can test your DNS server using the dig command.

e.g. dig @<dnsservername> <sitename>

Part of the output will include "querytime".

You don't say what OS your DNS server is running on - you mention BIND in the subject but don't say what version. There is a new exploit of BIND 9.x just announced last week. There was a rather serious one announced last year as well. If you haven't fixed either of those and/or are allowing cache and recursive lookups from outside your organization you're likely being targeted by hackers and spammers because they see you as an open door.
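An added example (not part of the thread and not the poster's code): a shell wrapper around the dig test suggested above that classifies each reply as ok, slow, fail or timeout, which separates a server that is slowing queries down from one that is not answering at all. The 500 ms threshold, the function names and the sample dig output are assumptions constructed for illustration.

```shell
#!/bin/sh
SLOW_MS=${SLOW_MS:-500}   # assumed threshold; set it near your monitor's limit

# classify_dig: read one dig reply on stdin, print "<result> <ms>"
#   ok / slow  server answered NOERROR (slow = query time above SLOW_MS)
#   fail       server answered with an error rcode (SERVFAIL, REFUSED, ...)
#   timeout    no reply header was received at all
classify_dig() {
    awk -v slow="$SLOW_MS" '
        BEGIN { ms = "-" }
        /->>HEADER<<-/ && match($0, /status: [A-Z]+/) {
            status = substr($0, RSTART + 8, RLENGTH - 8)
        }
        /^;; Query time:/ { ms = $4 }
        END {
            if (status == "")             print "timeout -"
            else if (status != "NOERROR") print "fail " ms
            else if (ms + 0 > slow + 0)   print "slow " ms
            else                          print "ok " ms
        }'
}

# probe SERVER NAME [COUNT] [INTERVAL_S]: one timestamped result per sample,
# so the lines can be matched against the times of the monitoring alerts.
probe() {
    i=0
    while [ "$i" -lt "${3:-60}" ]; do
        printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" \
            "$(dig +tries=1 +time=2 "@$1" "$2" 2>&1 | classify_dig)"
        i=$((i + 1))
        sleep "${4:-5}"
    done
}

# Constructed dig output, trimmed to the lines the parser reads.
hdr=';; ->>HEADER<<- opcode: QUERY, status:'
sample_ok()       { printf '%s\n' "$hdr NOERROR, id: 4242" ';; Query time: 12 msec'; }
sample_slow()     { printf '%s\n' "$hdr NOERROR, id: 4243" ';; Query time: 1840 msec'; }
sample_servfail() { printf '%s\n' "$hdr SERVFAIL, id: 4244" ';; Query time: 3 msec'; }
sample_timeout()  { printf '%s\n' ';; connection timed out; no servers could be reached'; }

if [ "$#" -ge 2 ]; then
    probe "$@"            # live run: script SERVER NAME [COUNT] [INTERVAL_S]
else
    for s in sample_ok sample_slow sample_servfail sample_timeout; do
        printf '%-16s %s\n' "$s" "$("$s" | classify_dig)"
    done
fi
```

Run with a server and a name to sample the live server; a run of timeout lines while load on the server is high points at the server itself rather than at the monitoring host.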

cipher7836 08-06-2009 08:15 AM

Bind Version
 
We're running Bind version: 9.5.0-P2 on Debian 4.1.1-21.

MensaWater 08-06-2009 08:59 AM

The announcement below was on the ISC mailing list last week. ISC makes BIND. To avoid the exploit I mentioned you should be at BIND 9.5.1-P3 instead of P2.

However, if you got your BIND from Debian repositories it is possible they do backporting for security fixes like Red Hat does. I don't use Debian for BIND so don't know. If not, you'll have to download and build it yourself. Make sure you back up what you already have first if you go that route.

Quote:

From: bind-announce-bounces@lists.isc.org [mailto:bind-announce-bounces@lists.isc.org] On Behalf Of Evan Hunt
Sent: Thursday, July 30, 2009 11:45 AM
To: bind-announce@isc.org
Subject: ISC BIND 9.5.1-P3 is now available (resend)


A mailing list problem caused this announcement to be sent only to
bind-users and bind-workers; I am resending it to bind-announce.

BIND 9.5.1-P3 is now available.

BIND 9.5.1-P3 is the THIRD SECURITY PATCH for BIND 9.5.1. It addresses a
denial-of-service bug in which a malformed UPDATE packet caused named to
crash.

Bugs should be reported to bind9-bugs@isc.org.

BIND 9.5.1-P3 can be downloaded from:

ftp://ftp.isc.org/isc/bind9/9.5.1-P3....5.1-P3.tar.gz

PGP signatures of the distribution are at:

ftp://ftp.isc.org/isc/bind9/9.5.1-P3...-P3.tar.gz.asc
ftp://ftp.isc.org/isc/bind9/9.5.1-P3....gz.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.5.1-P3....gz.sha512.asc

The signatures were generated with the ISC public key, which is
available at https://www.isc.org/about/openpgp

A binary kit for Windows XP, Windows 2003 and Windows 2008 is at:

ftp://ftp.isc.org/isc/bind9/9.5.1-P3/BIND9.5.1-P3.zip
ftp://ftp.isc.org/isc/bind9/9.5.1-P3...1-P3.debug.zip

PGP signatures of the binary kit are at:

ftp://ftp.isc.org/isc/bind9/9.5.1-P3...5.1-P3.zip.asc
ftp://ftp.isc.org/isc/bind9/9.5.1-P3...zip.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.5.1-P3...zip.sha512.asc
ftp://ftp.isc.org/isc/bind9/9.5.1-P3....debug.zip.asc
ftp://ftp.isc.org/isc/bind9/9.5.1-P3...zip.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.5.1-P3...zip.sha512.asc

Changes since 9.5.1-P2:

2640. [security] A specially crafted update packet will cause named
to exit. [RT #20000]

--
Evan Hunt -- each@isc.org
Internet Systems Consortium, Inc.

