After much to-ing and fro-ing we are coming to the end of our collective teathers. Since Sunday morning (last Sunday) morning at around 8am we have been having an odd problem with our primary nameserver, ns1.ihug.net.nz (203.29.160.4). It goes something like this, nameserver is doing it's thing happily, when for no apparent reason it just stops responding to named requests for a short time and then a while later starts going again. For obvious reasons this is a major problem. And we can find nothing that is causing this. The symptoms: o Server stops responding to named queries. o At one stage it appeared that when constantly pinging it the TTL would change from 64 to 255 for the exact same duration that the nameserver was affected. I am unable to confirm that this is still the case. o The outages appear to be for exactly 2 or 3 minutes to the seccond. (Maybe other durations?) o At the same time this is happening we are getting "Possible syn flood" messages from various IP addresses (they don't seem to be related). It is my understanding that at about the same time (Sunday) that CLEAR, Waikato and possible Telecom/Xtra had a similar problems (I am not sure where this information comes from or how accurate it is), but are no longer. What we have done: o We swapped our nameservers around, this seems to solve the problem however, it affects our practical ability to control zones etc... o New software installations. The box affected had recently been rebuilt before the incident, and we did not suspect it was a software issue, but rebuilt anyhow. It has affected both Slackware and Debian installations with BIND 8.1.2 and BIND 8.2. Conclusions: o It only occurs when then machine is on 203.29.160.4 and is acting as a master. It does not affect slaves on that IP and does not affect masters on another IP. o Hardware is not a fault - We have used more than one physical machine. The effects did not change. o It appears the the nameserver itself stops during that time. Incoming traffic still reaches the box, but none goes out. Also for the duration there seems to be no nameserver logging. Short completely changing our nameserver infrastrucure we are at a loss as to what we can do. Probable solutions: o None - Goddammit! Any ideas? Dylan Reeve DDI: +64 9 359-2746 Assistant DNS Admin Fax: +64 9 358-5134 ihug business Freecall: 0800 847-638 http://www.ihug.co.nz/ Email: dylan(a)ihug.co.nz --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog