LinuxQuestions.org

SPF 05-28-2009 05:10 PM

DNS query burst slows down LAN
 
Hi,

Lately I installed a DNS server for local hostnames. I'm running a Linux server (Debian) at home, and I want the DNS of my server to resolve locally within my LAN.

This is my network:
internet - modem/router/dhcp - multiple computers (including linux server)

The modem DHCP configuration contains the DNS server IP of my local Linux server.

Everything works fine, but from time to time the DNS server generates a query burst and tries to resolve a.root-servers.net through z.root-servers.net and many more DNS names.
The result of this burst is that my modem cannot handle the number of connections and refuses any new connections.
The burst lasts a few minutes; after that, new connections are available in the modem again.

It sometimes also causes connection drops and usually high latency.

I already tried to set serial-query-rate to 1, but with no effect.

This is my named.conf.options:
Code:

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };

        //directory "/etc/bind/";

        recursion yes;

        serial-query-rate 1;

        //allow-recursion {
        //      local_net;
        //};

        allow-transfer {
                none;
        };

        forwarders {
                10.0.0.138;
        };

};

named.conf:
Code:

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

zone "10.in-addr.arpa" {
        type master;
        file "/etc/bind/db.10";
};

zone "foo.net" {
        type master;
        file "/etc/bind/db.foo.net";
};

/etc/resolv.conf:
Code:

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#    DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1

/etc/hosts:
Code:

# The following lines are desirable for IPv6 capable hosts
::1    ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

127.0.0.1      localhost
127.0.0.1      foo.net
127.0.0.1      www.foo.net
127.0.0.1      bar.foo.net      bar

Everything the local DNS server cannot resolve has to be forwarded to 10.0.0.138 (my modem). I do not understand why it is trying to resolve a.root-servers.net and such.

chrism01 05-28-2009 08:43 PM

Quote:

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

// forwarders {
// 0.0.0.0;
// };

Put your ISP's DNS servers in there, like it tells you to. Otherwise your system will use the DNS root servers for anything it doesn't already know. DNS is supposed to be a hierarchical system, so people don't query the root servers much.

syg00 05-28-2009 09:37 PM

/etc/hosts?

SPF 05-29-2009 12:17 AM

I already have a forwarder specified:
Code:

        forwarders {
                10.0.0.138;
        };

Isn't that good as well?
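As an added example (not any poster's file), here is a named.conf.options for the setup in this thread that keeps the modem as forwarder but removes the fallback to the root servers: with `forwarders` alone, named runs in the default `forward first` mode and resolves iteratively from the root hints whenever the forwarder fails to answer in time, which is where bursts of root-servers.net lookups come from. The LAN prefix 10.0.0.0/8 is assumed from the addresses in the thread.

```conf
// Added example, not the poster's file: LAN-only resolver that forwards
// everything it is not authoritative for to the modem (10.0.0.138, the
// address from the thread) and never falls back to the root servers.
acl "lan" {
        127.0.0.0/8;
        10.0.0.0/8;         // assumption: the home LAN is 10.0.0.0/8
};

options {
        directory "/var/cache/bind";

        // Listening on "any" with recursion enabled makes an open resolver
        // if the host is ever reachable from outside; bind to LAN and
        // loopback addresses only.
        listen-on    { 127.0.0.1; 10.0.0.0/8; };
        listen-on-v6 { none; };

        recursion yes;
        allow-query     { lan; };
        allow-recursion { lan; };
        allow-transfer  { none; };

        forwarders { 10.0.0.138; };
        // "forward first" (the default) retries unanswered queries
        // iteratively from the root hints. "forward only" makes named
        // answer SERVFAIL instead when the forwarder does not respond.
        forward only;

        auth-nxdomain no;    // conform to RFC 1035
};
```

Check the file with `named-checkconf` before reloading; a slow or rate-limited modem resolver will now show up as SERVFAIL answers in the client logs rather than as a root-server query burst.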

chrism01 05-29-2009 01:22 AM

That's a private IP addr, i.e. inside your LAN. It probably doesn't have that many internet addresses cached, certainly not as many as your ISP will have.
Also, if this is happening regularly, it sounds like one (or more) of the time-outs specified here http://www.linuxtopia.org/online_boo...-zone-examples is set too short, probably the 'refresh' entry.

SPF 05-29-2009 11:44 AM

Quote:

Originally Posted by chrism01 (Post 3556192)
That's a private IP addr, i.e. inside your LAN. It probably doesn't have that many internet addresses cached, certainly not as many as your ISP will have.
Also, if this is happening regularly, it sounds like one (or more) of the time-outs specified here http://www.linuxtopia.org/online_boo...-zone-examples is set too short, probably the 'refresh' entry.

It's not the refresh interval; if I look at the zones, it's set to 604800.
I'll try to put in the DNS servers from my ISP instead, and hopefully the requests will go over one line instead of multiple lines.

But I still don't understand why it's caching the internet addresses like a.root-servers.net. I can't imagine there's any program that will resolve addresses like that.

SPF 05-30-2009 03:28 PM

It did not help; the DNS server is still bursting queries from time to time, resulting in massive packet drops and refused connections.

I also lost connection to some irc servers for about 5 minutes.

Do you think it can be solved by writing an expect script that forces the deletion of the DNS UDP connections in the modem?

SPF 05-31-2009 11:58 AM

How to remove query burst from DNS source code
 
Does someone know how to remove the DNS query burst from the source code?
