On Thu, Jun 03, 1999 at 03:36:15PM +1200, dylan(a)ihug.co.nz wrote:
It is my understanding that at about the same time (Sunday) that CLEAR, Waikato and possible Telecom/Xtra had a similar problems (I am not sure where this information comes from or how accurate it is), but are no longer.
I don't know where this information came from either, but I can't confirm it for CLEAR. No DNS anomolies that I am aware of.
What we have done:
o We swapped our nameservers around, this seems to solve the problem however, it affects our practical ability to control zones etc...
o New software installations. The box affected had recently been rebuilt before the incident, and we did not suspect it was a software issue, but rebuilt anyhow. It has affected both Slackware and Debian installations with BIND 8.1.2 and BIND 8.2.
Did you truss the stuck named's and see where they were sticking?
Conclusions:
o It only occurs when then machine is on 203.29.160.4 and is acting as a master. It does not affect slaves on that IP and does not affect masters on another IP.
Could it be that your slave configuration restricts zone transfers to none, and that bind is clever enough to not bother listening unless there is at least one local zone which is transferable? If this is the case, does this look like a SYN flood to tcp/53? Maybe not intentional -- do you have slaves elsewhere which can route to your master, but which your master can't route back to?
o Hardware is not a fault - We have used more than one physical machine. The effects did not change.
o It appears the the nameserver itself stops during that time. Incoming traffic still reaches the box, but none goes out. Also for the duration there seems to be no nameserver logging.
Maybe it's that hokey operating system you're using :) Joe "FreeBSD" Abley --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog