LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
LinkBack Search this Thread
Old 05-28-2009, 05:10 PM   #1
SPF
Member
 
Registered: Jul 2007
Location: /home
Distribution: Debian
Posts: 36

Rep: Reputation: 15
DNS query burst slows down LAN


Hi,

Lately I installed a DNS server for local hostnames. I'm running a linux server (Debian) at home, and I want the DNS of my server to resolve locally within my LAN.

This is my network:
internet - modem/router/dhcp - multiple computers (including linux server)

The modem dhcp configuration contains a dns server IP of my local linux server.

Everything works fine, but from time to time the DNS server generates a query burst and tries to resolve a.root-servers.net until z.root-servers.net and much more DNS names.
The result of this burst is that my modem cannot handle the amount of connections and refuses any new connections.
The burst is about a few minutes long, after that there are new connections available in the modem.

It sometimes also causes connection drop and usually a high latency.

I already tried to set serial-query-rate to 1. But with no effect.

This is my named.conf.options:
Code:
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };

        //directory "/etc/bind/";

        recursion yes;

        serial-query-rate 1;

        //allow-recursion {
//              local_net;
//      };

        allow-transfer {
                none;
        };

        forwarders {
                10.0.0.138;
        };

};
named.conf:
Code:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
// structure of BIND configuration files in Debian, *BEFORE* you customize 
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

zone "10.in-addr.arpa" {
        type master;
        file "/etc/bind/db.10";
};

zone "foo.net" {
        type master;
        file "/etc/bind/db.foo.net";
};
/etc/resolv.conf:
Code:
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
/etc/hosts:
Code:
# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

127.0.0.1       localhost
127.0.0.1       foo.net
127.0.0.1       www.foo.net
127.0.0.1       bar.foo.net      bar
Everything the local DNS server cannot resolve, has to be forwarded to 10.0.0.138 (my modem). I do not understand why it is trying to resolve a.root-servers.net and such.
 
Old 05-28-2009, 08:43 PM   #2
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5
Posts: 16,086

Rep: Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995
Quote:
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

// forwarders {
// 0.0.0.0;
// };
put your ISPs DNS servers in there, like it tells you to. Otherwise your system will use the DNS root servers for anything it doesn't already know. DNS is supposed to be a hierarchical system, so people don't query root servers much.
 
Old 05-28-2009, 09:37 PM   #3
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 11,799

Rep: Reputation: 923Reputation: 923Reputation: 923Reputation: 923Reputation: 923Reputation: 923Reputation: 923Reputation: 923
/etc/hosts ?.
 
Old 05-29-2009, 12:17 AM   #4
SPF
Member
 
Registered: Jul 2007
Location: /home
Distribution: Debian
Posts: 36

Original Poster
Rep: Reputation: 15
I already have a forwarder specified:
Code:
        forwarders {
                10.0.0.138;
        };
Isn't that good as well?
 
Old 05-29-2009, 01:22 AM   #5
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5
Posts: 16,086

Rep: Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995Reputation: 1995
That's private IP addr, ie inside your LAN. Probably doesn't have that much of the internet addresses cached. Certainly not as much as your ISP will have.
Also, if this is happening regularly, sounds like one (or more) of the time-outs specified here http://www.linuxtopia.org/online_boo...-zone-examples is set too short, probably the 'refresh' entry.
 
Old 05-29-2009, 11:44 AM   #6
SPF
Member
 
Registered: Jul 2007
Location: /home
Distribution: Debian
Posts: 36

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by chrism01 View Post
That's private IP addr, ie inside your LAN. Probably doesn't have that much of the internet addresses cached. Certainly not as much as your ISP will have.
Also, if this is happening regularly, sounds like one (or more) of the time-outs specified here http://www.linuxtopia.org/online_boo...-zone-examples is set too short, probably the 'refresh' entry.
It's not the refresh interval, if I look at the zones it's set to 604800.
I'll try to put the DNS servers from my ISP instead. And hopefully the requests will go over one line instead of multiple lines.

But I still don't understand why it's caching the internet addresses like a.root-servers.net. I can't imagine there's any program that will resolve addresses like that.
 
Old 05-30-2009, 03:28 PM   #7
SPF
Member
 
Registered: Jul 2007
Location: /home
Distribution: Debian
Posts: 36

Original Poster
Rep: Reputation: 15
It did not help, the DNS server is still bursting queries time to time, resulting in massive package drops and refused connections.

I also lost connection to some irc servers for about 5 minutes.

Do you think it can be solved by writing an expect script that forces to delete the dns udp connections in the modem?
 
Old 05-31-2009, 11:58 AM   #8
SPF
Member
 
Registered: Jul 2007
Location: /home
Distribution: Debian
Posts: 36

Original Poster
Rep: Reputation: 15
Question How to remove query burst from dns source code

Does someone know how to remove the DNS query burst from the source code?
 
  


Reply

Tags
bind, bind9, dns, named, query


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Query regarding DNS saini_mw Linux - Software 4 09-14-2009 12:29 PM
DNS query bikebefast Linux - Networking 31 01-03-2008 10:38 PM
How to configure DNS for a local LAN (at least I think I want DNS) FlyingPenguin128 Linux - Networking 8 12-11-2005 04:15 PM
DNS query sanw2k Linux - Networking 1 03-11-2005 11:31 PM
DNS query chynna_v Linux - Newbie 1 09-15-2004 04:57 AM


All times are GMT -5. The time now is 03:55 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration