Thank Joe, You rock!
-- Adam On 3/13/2017 2:02 PM, Joe Martini wrote:
Hi Adam, The Dialed Number Analyzer (DNA) service is likely responsible for this (CSCui45986). If you don’t need it on that subscriber try to stop it and confirm that the flood stops. Joe On Mar 13, 2017, at 1:54 PM, Adam Frankel <[email protected]> wrote: Hi All, I have a customer with an 8.6(2) subscriber spamming our Primary and secondary DNS servers with PTR lookups for what appear to be IP phone addresses. This traffic accounts for 40% of the inbound DNS requests in the enterprise. Symptoms: -Dozens of PTR record requests every second of everyday continuously. -Primary DNS Server is now returning intermittent server failures -Only a single subscriber with the issue even though others have phones registered, while this one does not -Only 2 IP Phones registered to that particular subscriber (although it is a backup for several thousand) -The outbound DNS request not seem to be corresponding to any particular inbound request -Checked CLI logs (to validate no CLI command require reverse DNS lookup was being run such as "show network status")- -Nothing in CiscoSyslog or messages log of particular note -Server has a 24 bit subnet mask, IP phones are in another subnet. Anyone seen this before? This sounds all too familiar, but I am having a difficult time pinpointing it. Thanks, -- Adam Frankel CCIE 31689 _______________________________________________ cisco-voip mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-voip
_______________________________________________ cisco-voip mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-voip
