We kept getting the following messages:

named[4498]: client 127.0.0.1#42127: no more recursive clients: quota reached

(We have a limit of 1000 and an average of 25)
from the BIND 9.2 ARM:

recursive-clients: The maximum number of simultaneous recursive lookups the server will perform on behalf of clients. The default is 1000. Because each recursing client uses a fair bit of memory, on the order of 20 kilobytes, the value of the recursive-clients option may have to be decreased on hosts with limited memory.
And we could not get to some of the root servers, i.e.: a.ROOT-SERVERS.NET
how were you testing this? did you try any of the other root servers? If any of the root servers were inaccessible it would have caused a whole lot more noise on teh intarwebs.
So I am assuming there was a DOS attack somewhere which affected DNS traffic.
where somewhere == your server
Assumption: The name server could not get to some root servers, the queries kept piling up and we hit the quota.
I think you need to look closer to home, so to speak... Is this DNS server of yours publicly accessible? If so, does it allow recursion from anywhere/anyone? If so, then you become a free DNS server for others, like spammers. Try restricting recursion to your network only. If it is already restricted, then check all your network hosts for signs of malware/viruses/backdoors/etc as it seems possible that an internal host or two was spewing spam and making a lot of bogus recursive queries.

hth
/joshua

--
A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools. - Douglas Adams -
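The triage suggested in the reply above, as an added example that is not part of the original thread: tally the "quota reached" rejections per client address and split them by whether the client is inside the networks that should be allowed to recurse. The trusted networks, the syslog prefix and the sample log lines are constructed assumptions; only the named message format is taken from the thread.

```python
import ipaddress
import re
from collections import Counter

# Message format as quoted in the thread:
#   named[4498]: client 127.0.0.1#42127: no more recursive clients: quota reached
QUOTA_RE = re.compile(
    r"named\[\d+\]: client (?P<ip>[0-9A-Fa-f:.]+)#\d+: "
    r"no more recursive clients: quota reached"
)

# Assumption: the networks that are supposed to be allowed recursion.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]

# Constructed sample input (documentation address ranges, made-up timestamps).
SAMPLE_LOG = [
    "Mar  3 10:15:01 ns1 named[4498]: client 127.0.0.1#42127: no more recursive clients: quota reached",
    "Mar  3 10:15:01 ns1 named[4498]: client 198.51.100.7#5301: no more recursive clients: quota reached",
    "Mar  3 10:15:02 ns1 named[4498]: client 198.51.100.7#5302: no more recursive clients: quota reached",
    "Mar  3 10:15:02 ns1 named[4498]: client 192.0.2.15#33211: no more recursive clients: quota reached",
    "Mar  3 10:15:03 ns1 named[4498]: some unrelated message",
]


def is_trusted(ip):
    """True if ip falls inside one of the networks allowed to recurse."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)


def summarize(lines):
    """Count quota-reached rejections per client IP, split by trust."""
    trusted, untrusted = Counter(), Counter()
    for line in lines:
        m = QUOTA_RE.search(line)
        if not m:
            continue
        try:
            bucket = trusted if is_trusted(m["ip"]) else untrusted
        except ValueError:  # captured text is not a valid address
            continue
        bucket[m["ip"]] += 1
    return trusted, untrusted


if __name__ == "__main__":
    inside, outside = summarize(SAMPLE_LOG)
    print("outside allowed networks (is recursion open?):", outside.most_common())
    print("inside allowed networks (check these hosts):", inside.most_common())
```

Rejections from outside the allowed networks point at recursion being open to anyone; a few inside addresses dominating the count point at the hosts to inspect.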