All,
In the last 12 hours, we've had repeated instances of named getting
wedged. The symptoms are:
* named consuming nearly 100% CPU, all in user-time
* lots of queries apparently not processed, and based on query
logging, a sharp drop in the rate of queries that are
* a very sharp drop
On 16.03.13 11:39, Phil Mayers wrote:
In the last 12 hours, we've had repeated instances of named getting
wedged. The symptoms are:
* named consuming nearly 100% CPU, all in user-time
* lots of queries apparently not processed, and based on query
logging, a sharp drop in the rate of queries
On 03/16/2013 12:43 PM, Matus UHLAR - fantomas wrote:
On 16.03.13 11:39, Phil Mayers wrote:
In the last 12 hours, we've had repeated instances of named getting
wedged. The symptoms are:
* named consuming nearly 100% CPU, all in user-time
* lots of queries apparently not processed, and based on
From: Phil Mayers p.may...@imperial.ac.uk
In the last 12 hours, we've had repeated instances of named getting
wedged. The symptoms are:
* named consuming nearly 100% CPU, all in user-time
* lots of queries apparently not processed, and based on query
logging, a sharp drop in the rate
On 03/16/2013 02:21 PM, Vernon Schryver wrote:
From: Phil Mayers p.may...@imperial.ac.uk
In the last 12 hours, we've had repeated instances of named getting
wedged. The symptoms are:
* named consuming nearly 100% CPU, all in user-time
* lots of queries apparently not processed, and based on
From: Phil Mayers p.may...@imperial.ac.uk
If it's not RPZ, those xfr timings are very coincidental. But of course,
I'm just guessing. It could be phase of the moon for all I know at this
stage.
That only two large Spamahus transfers of the dozen transfers so
far this month were coincident
On 16 Mar 2013, at 14:59, Vernon Schryver v...@rhyolite.com wrote:
My logs have these instances of transfers of rpz.spamhaus.org involving
at least 100 messages during March (NTP disciplined UTC timestamps):
02-Mar-2013 21:45:42.511 07-Mar-2013 22:47:56.423 08-Mar-2013 03:19:46.419
Coincidentally yesterday ( 15, March ) at 1700 PST four of our name servers
were knocked off-line with similar large CPU spikes and no corresponding
spike in query requests.
We run Bind 9.9.2-P1 with RPZ feeds from Spamhaus and SURBL.
We are still investigating some other potential sources of
On 03/16/2013 03:31 PM, Vernon Schryver wrote:
To debug and so have the least hope of eventually fixing this or
any similar problem, I would build BIND with -g and capture a core
file and associated libraries for a hung example,. Whether your
guess blaming RPZ is right or wrong, no progess is
I get no joy from port 80 at spamhaus.org now, so perhaps Spamhaus is
under DoS attack yet again.
Yes, they are. Specifically spoofed source DNS-based amplification
attacks against 154.35.160.11 and 82.94.216.239. We're blocking about
100 Mbps of such traffic at our borders - I'm sure we're not
From: Phil Mayers p.may...@imperial.ac.uk
It's unfortunate I wasn't able to obtain one; gdb wasn't installed on
the box, and I couldn't get the package installed because DNS was down.
Depending on the flavor of the system and its configuration, adding
lines to /etc/hosts can be effective for
Hi all,
Please forgive me for posting here as its not especially Bind related.
I've noticed that some time in the last week or two routing between the
UK and India is now via the America's, Singapore, Tokyo and Bangalore.
Previously this used to hit the Euro trunk and head off to Mumbai
On 03/16/2013 06:46 PM, Vernon Schryver wrote:
From: Phil Mayers p.may...@imperial.ac.uk
It's unfortunate I wasn't able to obtain one; gdb wasn't installed on
the box, and I couldn't get the package installed because DNS was down.
Depending on the flavor of the system and its configuration,
On 03/16/2013 06:52 PM, waynemerricks wrote:
Any help of where to go next would be appreciated, apologies in advance
if this is not suitable for the Bind lists.
Nanog? UKNof? Any other routing/ops-related list?
___
Please visit
On Thu, Mar 14, 2013 at 10:29 PM, Manish Rane manish...@gmail.com wrote:
So the TTL value we are discussing here are individual NS TTL Value? Or
the SOA Default TTL Value.
When I viewed my ISP record I found that the SOA Default TTL Value is 12
days and NS RR TTL Value is 3600 secs
The SOA
15 matches
Mail list logo