Greetings I had been puzzling for a while why my combined mail/web/dns server was getting slower and slower until I realised my mistake. I had inadvertently left my named available for the entire world to do recursive queries on. I have since then fixed the problem by only allowing my 2 local networks the ability. My router (and with it my ADSL connection) however remains plagued with requests.
When I look in my messages file now I see things like this: > Apr 7 09:35:29 www named[3389]: client 84.111.27.79#43162: query > (cache) './ANY/IN' denied > Apr 7 09:35:29 www named[3389]: client 82.8.158.243#13493: query > (cache) './ANY/IN' denied > Apr 7 09:35:29 www named[3389]: client 84.111.27.79#43162: query > (cache) './ANY/IN' denied > Apr 7 09:35:29 www named[3389]: client 82.8.158.243#13493: query > (cache) './ANY/IN' denied > Apr 7 09:35:33 www named[3389]: client 84.111.27.79#46407: query > (cache) './ANY/IN' denied > Apr 7 09:35:33 www named[3389]: client 82.8.158.243#7064: query > (cache) './ANY/IN' denied > Apr 7 09:35:37 www named[3389]: client 84.111.27.79#54773: query > (cache) './ANY/IN' denied > Apr 7 09:35:38 www named[3389]: client 82.8.158.243#49354: query > (cache) './ANY/IN' denied > Apr 7 09:35:42 www named[3389]: client 84.111.27.79#55616: query > (cache) './ANY/IN' denied > Apr 7 09:35:42 www named[3389]: client 82.8.158.243#49660: query > (cache) './ANY/IN' denied > Apr 7 09:35:42 www named[3389]: client 84.111.27.79#55616: query > (cache) './ANY/IN' denied > Apr 7 09:35:46 www named[3389]: client 84.111.27.79#42538: query > (cache) './ANY/IN' denied > Apr 7 09:35:46 www named[3389]: client 82.8.158.243#60349: query > (cache) './ANY/IN' denied > Apr 7 09:35:50 www named[3389]: client 84.111.27.79#23761: query > (cache) './ANY/IN' denied > Apr 7 09:35:50 www named[3389]: client 82.8.158.243#16312: query > (cache) './ANY/IN' denied > Apr 7 09:35:54 www named[3389]: client 84.111.27.79#15570: query > (cache) './ANY/IN' denied > Apr 7 09:35:55 www named[3389]: client 82.8.158.243#44390: query > (cache) './ANY/IN' denied > Apr 7 09:35:59 www named[3389]: client 84.111.27.79#58973: query > (cache) './ANY/IN' denied > Apr 7 09:36:00 www named[3389]: client 82.8.158.243#27353: query > (cache) './ANY/IN' denied > Apr 7 09:36:00 www named[3389]: client 84.111.27.79#58973: query > (cache) './ANY/IN' denied > Apr 7 09:36:04 www named[3389]: client 84.111.27.79#43818: query > (cache) './ANY/IN' denied > Then a few really weird ones > Apr 6 11:22:47 www named[3389]: client 108.168.172.162#58219: query > (cache) './ANY/IN' denied > Apr 6 11:22:47 www named[3389]: client 108.168.172.162#58220: query > (cache) 'iomjkpaaaaelf0000deaaabaaafbgpja/ANY/IN' denied > Apr 6 11:22:47 www named[3389]: client 108.168.172.162#58220: query > (cache) 'bbcalfaaaaelf0000deaaabaaafbgpja/ANY/IN' denied > Apr 6 11:22:47 www named[3389]: client 108.168.172.162#58220: query > (cache) 'bjlclgaaaaelf0000deaaabaaafbgpja/ANY/IN' denied > Apr 6 11:22:47 www named[3389]: client 108.168.172.162#58220: query > (cache) 'mfooljaaaaelf0000deaaabaaafbgpja/ANY/IN' denied > Apr 6 11:22:47 www named[3389]: client 108.168.172.162#58220: query > (cache) 'nmfklkaaaaelf0000deaaabaaafbgpja/ANY/IN' denied > Apr 6 11:22:47 www named[3389]: client 108.168.172.162#58220: query > (cache) 'poimllaaaaelf0000deaaabaaafbgpja/ANY/IN' denied > Apr 6 11:22:47 www named[3389]: client 108.168.172.162#58220: query > (cache) 'goeclmaaaaelf0000deaaabaaafbgpja/ANY/IN' denied > Apr 6 11:22:47 www named[3389]: client 108.168.172.162#58220: query > (cache) 'pfenloaaaaelf0000deaaabaaafbgpja/ANY/IN' denied > Apr 6 11:22:47 www named[3389]: client 108.168.172.162#58220: query > (cache) 'npmilpaaaaelf0000deaaabaaafbgpja/ANY/IN' denied > Apr 6 11:22:47 www named[3389]: client 108.168.172.162#58220: query > (cache) 'nifjmdaaaaelf0000deaaabaaafbgpja/ANY/IN' denied > Apr 6 11:22:47 www named[3389]: client 108.168.172.162#58220: query > (cache) 'dhlmmeaaaaelf0000deaaabaaafbgpja/ANY/IN' denied > Apr 6 11:22:47 www named[3389]: client 108.168.172.162#58220: query > (cache) 'hjnfnlaaaaelf0000deaaabaaafbgpja/ANY/IN' denied > Apr 6 11:22:47 www named[3389]: client 108.168.172.162#58220: query > (cache) 'coppgdaaaaelf0000deaaabaaafbgpja/ANY/IN' denied > Apr 6 11:22:47 www named[3389]: client 108.168.172.162#58220: query > (cache) 'mipfghaaaaelf0000deaaabaaafbgpja/ANY/IN' denied As you can see from the time stamps, it is almost constant. Performance is vastly improved since I stopped allowing recursion but I would like to see if I can get this any better. The real trick would be to halt this at theperimeter but I can't just block named requests at the router as we act as primary dns server for a few small domains that we house and look after. Can anyone suggest anyway we can move this forward? TIA Nigel. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
