Orly, Is this what you're seeing? M. Yu ----- Original Message ----- From: "Ian Watts" <[EMAIL PROTECTED]> To: "Barry Finkel" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Saturday, November 17, 2001 5:25 AM Subject: Re: Follow-up: request storms from Windows > > Okay, it turns out that this problem arises when the AD servers do a > lookup for an IP address where the ARPA zone has a CNAME for an NS record. > > Example: > > ian@squid:~$ dig 88.140.in-addr.arpa ns +short > artemis.acs.bethel.edu. > ian@squid:~$ dig artemis.acs.bethel.edu. > > ; <<>> DiG 9.2.0rc7 <<>> artemis.acs.bethel.edu. > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61890 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2 > > ;; QUESTION SECTION: > ;artemis.acs.bethel.edu. IN A > > ;; ANSWER SECTION: > artemis.acs.bethel.edu. 517962 IN CNAME amidala.bnet.bethel.edu. > amidala.bnet.bethel.edu. 517962 IN A 140.88.128.1 > > ;; AUTHORITY SECTION: > bethel.edu. 517962 IN NS ns2.onvoy.net. > bethel.edu. 517962 IN NS ns1.bethel.edu. > > ;; ADDITIONAL SECTION: > ns1.bethel.edu. 517962 IN A 140.88.128.1 > ns2.onvoy.net. 166593 IN A 206.9.64.104 > > ;; Query time: 12 msec > ;; SERVER: 127.0.0.1#53(127.0.0.1) > ;; WHEN: Fri Nov 16 16:21:21 2001 > ;; MSG SIZE rcvd: 160 > > > I have asked the admins of the Windows servers to "Secure cache against > pollution", i.e. disable glue fetching. When they get around to it I'll > let you know if it makes a difference. > > And since you ask, the AD servers are forwarding to my BIND nameservers > everything that's not in their "domains". > > -- Ian Watts > > > > On Fri, 16 Nov 2001, Barry Finkel wrote: > > > Ian Watts <[EMAIL PROTECTED]> wrote: > > > > >A while ago I mentioned that I was occasionally seeing large numbers of > > >identical queries coming from local Win2K Active Directory servers. Just > > >yesterday one of them was generating 2,500 identical queries per second. > > > > > >There appears to be a pattern: whenever this happens, it is a request for > > >a name that is a CNAME for one of the nameservers for that zone. Possible > > >AD bug? Other? > > > > > >I have not duplicated this behaviour myself, but 3 out of 3 rather > > >particular records is a pattern in my book. > > > > > >Examples: > > >ns1.poweruser.com > > >artemis.acs.bethel.edu > > >wks01.clickcom.com > > > > > >Although there must be a newsgroup for Active Directory issues, this may > > >in fact be something completely different and it impacts us BIND users > > >negatively. Anyone have any input on this problem? > > > > What is your DNS configuration? I am assuming that an W2k AD machine > > was sending multiple DNS lookup requests to your BIND server. You > > say that the names being queried are CNAMEs for nameservers. I wonder > > if there are DNS zones that have these CNAMEs in NS records. I know > > that NS records cannot point to CNAMEs, but if this were to occur and > > W2k were attempting to contact the real nameserver, would it get into > > a loop? I would suggest contacting Microsoft support. I do not have > > enough information to attempt to reproduce the problem here. > > ---------------------------------------------------------------------- > > Barry S. Finkel > > Electronics and Computing Technologies Division > > Argonne National Laboratory Phone: +1 (630) 252-7277 > > 9700 South Cass Avenue Facsimile:+1 (630) 252-9689 > > Building 221, Room B236 Internet: [EMAIL PROTECTED] > > Argonne, IL 60439-4844 IBMMAIL: I1004994 > > > > > > > _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
