DNS query burst slows down LAN

SPF · 05-28-2009, 05:10 PM

Hi,

Lately I installed a DNS server for local hostnames. I'm running a linux server (Debian) at home, and I want the DNS of my server to resolve locally within my LAN.

This is my network:
internet - modem/router/dhcp - multiple computers (including linux server)

The modem dhcp configuration contains a dns server IP of my local linux server.

Everything works fine, but from time to time the DNS server generates a query burst and tries to resolve a.root-servers.net until z.root-servers.net and much more DNS names.
The result of this burst is that my modem cannot handle the amount of connections and refuses any new connections.
The burst is about a few minutes long, after that there are new connections available in the modem.

It sometimes also causes connection drop and usually a high latency.

I already tried to set serial-query-rate to 1. But with no effect.

This is my named.conf.options:

Code:

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };

        //directory "/etc/bind/";

        recursion yes;

        serial-query-rate 1;

        //allow-recursion {
//              local_net;
//      };

        allow-transfer {
                none;
        };

        forwarders {
                10.0.0.138;
        };

};

named.conf:

Code:

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
// structure of BIND configuration files in Debian, *BEFORE* you customize 
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

zone "10.in-addr.arpa" {
        type master;
        file "/etc/bind/db.10";
};

zone "foo.net" {
        type master;
        file "/etc/bind/db.foo.net";
};

/etc/resolv.conf:

Code:

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1

/etc/hosts:

Code:

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

127.0.0.1       localhost
127.0.0.1       foo.net
127.0.0.1       www.foo.net
127.0.0.1       bar.foo.net      bar

Everything the local DNS server cannot resolve, has to be forwarded to 10.0.0.138 (my modem). I do not understand why it is trying to resolve a.root-servers.net and such.

chrism01 · 05-28-2009, 08:43 PM

Quote:

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

// forwarders {
// 0.0.0.0;
// };

put your ISPs DNS servers in there, like it tells you to. Otherwise your system will use the DNS root servers for anything it doesn't already know. DNS is supposed to be a hierarchical system, so people don't query root servers much.

syg00 · 05-28-2009, 09:37 PM

/etc/hosts ?.

SPF · 05-29-2009, 12:17 AM

I already have a forwarder specified:

Code:

        forwarders {
                10.0.0.138;
        };

Isn't that good as well?

chrism01 · 05-29-2009, 01:22 AM

That's private IP addr, ie inside your LAN. Probably doesn't have that much of the internet addresses cached. Certainly not as much as your ISP will have.
Also, if this is happening regularly, sounds like one (or more) of the time-outs specified here http://www.linuxtopia.org/online_boo...-zone-examples is set too short, probably the 'refresh' entry.

SPF · 05-29-2009, 11:44 AM

Quote:

Originally Posted by chrism01

That's private IP addr, ie inside your LAN. Probably doesn't have that much of the internet addresses cached. Certainly not as much as your ISP will have.
Also, if this is happening regularly, sounds like one (or more) of the time-outs specified here http://www.linuxtopia.org/online_boo...-zone-examples is set too short, probably the 'refresh' entry.

It's not the refresh interval, if I look at the zones it's set to 604800.
I'll try to put the DNS servers from my ISP instead. And hopefully the requests will go over one line instead of multiple lines.

But I still don't understand why it's caching the internet addresses like a.root-servers.net. I can't imagine there's any program that will resolve addresses like that.

SPF · 05-30-2009, 03:28 PM

It did not help, the DNS server is still bursting queries time to time, resulting in massive package drops and refused connections.

I also lost connection to some irc servers for about 5 minutes.

Do you think it can be solved by writing an expect script that forces to delete the dns udp connections in the modem?

SPF · 05-31-2009, 11:58 AM

Does someone know how to remove the DNS query burst from the source code?