On Thu, Mar 10, 2011 at 08:49:02AM -0800, Alfred B. M. Cordero wrote: > > > >Another source of network problems could be caused by a > >firewall device that tries to be too smart and either > >delays the traffic or outright mutilates it. I do not > >know your setup, but we dealt with an issue caused by > >the security features of pdns-recursor, the randomized > >source port. > > djbdns also uses randomized source ports (don't all dns now?) but > shown no > similar patterns. Our env. is a simple LAN running pdns recursor. > No other dns > on the LAN. > > We are looking at bandwidth-limiting by the isp. If we have 256Kb > link we don't > know how that is capped. But as you say, they are maybe mutilated. > Once at 256Kb any other traffic is dropped. There are probably many > different ways > to do bandwidth-limiting. > > If there is anything we can do we will try it. Maybe we can do > something with QoS. > But it is a new area so if you have any hints to share it may help. >
Wow! That is not a lot of bandwidth. If you are pegging your cap, responses may be taking a longer while to be returned and pdns-recursor is timing out. Have you tried increasing the value for network-timeout over the default 1500 ms? Cheers, Ken _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users