On 18-Jan-2007, at 18:21, Jean-Francois Pirus wrote:
I was wondering if anyone noticed an odd external DNS problem happening yesterday
Yes we had some issues as well.
We kept getting the following messages: named[4498]: client 127.0.0.1#42127: no more recursive clients: quota reached (We have a limit of 1000 and an average of 25)
Do you run open resolvers, or do you restrict use of your recursive servers (by source address) to your customers only? Almost every case I've seen where bind9 suffers query spikes like you're describing (and are not just being hammered by an enormous throng of customers) it has been because the server was being used by someone far away as a packet amplifier. Throw on an ACL to restrict recursive lookups (and to deny queries, if the servers aren't also authority servers) and the problem frequently goes away.
And we could not get to some of the root servers, i.e. a.ROOT-SERVERS.NET
In case it's useful to know for future testing, F and I are the servers that you have the greatest chance of reaching locally.

Joe
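The ACL restriction suggested in the reply above, as an added example that is not part of the original message: a named.conf fragment for a recursive-only BIND 9 server. The ACL name `customers` and the address ranges (documentation prefixes) are placeholders.

```conf
// Added example, not from the thread. ACL name and prefixes are placeholders.
acl "customers" {
    localhost;          // built-in ACL: the server's own addresses
    192.0.2.0/24;       // placeholder customer range (documentation prefix)
    2001:db8::/32;      // placeholder customer range (documentation prefix)
};

options {
    recursion yes;

    // Open-resolver form (what to avoid): any source address can make
    // this server recurse, so it can be used as a packet amplifier.
    //   allow-recursion { any; };

    // Restricted form: only the listed sources may trigger recursive lookups.
    allow-recursion { customers; };

    // Recursive-only server (no authoritative zones): refuse every other
    // query too. Omit this line, or override it per zone, if the server
    // is also authoritative for zones the outside world must reach.
    allow-query { customers; };

    // The quota named in the log message quoted in the thread; with the
    // ACL in place, outside clients can no longer consume these slots.
    recursive-clients 1000;
};
```

Running `named-checkconf` against the file checks the syntax before the server is reloaded.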