Cathy,

Thank you for your comments. I will continue to investigate; it helps to have avenues to look down, though.

As far as build version, we are aware that we aren't at current stable release. However, we've tried to stick to the distro release as much as possible, to help streamline patching. But if this continues to be an issue, it's something we will definitely consider.

The thing that's strange to me is that we can mostly alleviate the symptoms by using a forwarder. Currently I'm using an internal Windows 2003 server in the same subnet, on the same switch, to forward through; however, I was previously using 8.8.8.8, and it was behaving well too. It seems to happen worst when simply using the root hints.

Rndc recursing doesn't seem to be much help. The queries are all over, including google, adobe, amazon, microsoft, etc., as a combination of A/AAAA/PTR/TXT records, from a variety of different clients on different subnets and in different firewall zones. At a glance, I don't see any correlation.

Again, I'll keep investigating, and appreciate all the input!

Jason

On Tue, Mar 25, 2014 at 12:34 PM, Cathy Almond <cat...@isc.org> wrote:
> Packet tracing and/or looking at rndc recursing is good - then you'll
> see which client queries are waiting for answers from authoritative
> servers.
>
> Depending on what you've upgraded from, this might be a problem with
> whether or not your infrastructure can handle EDNS0 and large packet
> sizes. Newer versions of BIND set the DO bit by default on the iterative
> queries, so perhaps some servers are sending back larger responses than
> you were receiving before. It's worth checking that your network
> infrastructure can handle both EDNS0 and large UDP packet sizes (and DNS
> queries via TCP of course too).
>
> See
> https://www.dns-oarc.net/oarc/services/replysizetest
>
> I should also comment that the distro BIND 9.8 that you're using isn't
> the current ISC version, so you're missing out on recent fixes - you
> might be better off with a self-build of 9.8.7-W1 or 9.8.5-W1:
> http://www.isc.org/downloads/
>
> These also might be helpful:
>
> https://kb.isc.org/article/AA-00771/46/Which-version-of-BIND-do-I-want-to-download-and-install.html
>
> https://kb.isc.org/article/AA-00768/46/Getting-started-with-BIND-how-to-build-and-run-named-with-a-basic-recursive-configuration.html
>
> HTH
>
> Cathy
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>

--
Jason K. Brandt
Systems Administrator
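An added example, not part of the thread: a Python sketch of what the EDNS0 check suggested in the quoted reply looks at in a packet trace, namely the OPT record with the DO bit on an iterative query, and the TC flag and size of the reply. All function names are hypothetical and the sample reply is constructed, not captured.

```python
import struct

DO_BIT = 0x8000  # "DNSSEC OK" flag in the OPT record's TTL field (RFC 3225)

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=1, bufsize=4096, do=True, qid=0x1234):
    """Build an iterative (RD=0) query carrying an EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 1)  # ARCOUNT=1: the OPT
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, TYPE=41, CLASS=advertised UDP size, TTL=flags, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, DO_BIT if do else 0, 0)
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # compression pointer is two bytes and ends the name
            return off + 2
        off += 1 + n

def inspect_message(msg):
    """Report size, truncation and EDNS0 parameters of a DNS message."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    info = {"size": len(msg), "tc": bool(flags & 0x0200), "edns": False, "do": False}
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == 41:  # OPT: CLASS holds the UDP size, TTL holds the flags
            info.update(edns=True, bufsize=rclass, do=bool(ttl & DO_BIT))
    return info

def path_requirement(info):
    """Name what the network path must permit for this reply to be usable."""
    if info["tc"]:
        return "tcp"  # truncated: the resolver has to retry over TCP/53
    return "large-udp" if info["size"] > 512 else "plain-udp"

# Constructed sample: a truncated reply (QR and TC set) echoing question and OPT.
SAMPLE_TRUNCATED = struct.pack("!HHHHHH", 0x1234, 0x8200, 1, 0, 0, 1) + build_query("example.com")[12:]
```

Feeding the UDP payloads from a capture of the resolver's outbound traffic to `inspect_message` shows whether slow lookups line up with replies that are truncated or larger than 512 bytes.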