Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DNS Forwarding overload

    Scheduled Pinned Locked Moved DHCP and DNS
    1 Posts 1 Posters 896 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      psd_steve
      last edited by

      I am running Pfsense:

      2.1-RELEASE (i386)
      built on Wed Sep 11 18:16:22 EDT 2013
      FreeBSD 8.3-RELEASE-p11
      You are on the latest version.

      on an older Dell poweredge 2850. 4 Gigs of Ram and plenty of HD space (got to love e-bay) 2 Satellites run in and one lan. I have it set to load balance with both gateways in a group called load balance_GW Evidently I have some error as our provider says we are getting DNC requests from one of the Sats at like 200 per second. Here is her e-mail to me. I am not exactly sure what to do and how to re-configure. If I disable the DNS forwarder will it shutdown things inside?

      Packages installed

      Squid
      Sarg
      Lightsquid

      OK – I poked around a bit on this today.  The good news is that I'm not seeing any evidence of a virus or DNS attack. All the requests seem to be coming from your network. I did find a few interesting things.

      The load balancer seems to be acting itself as a DNS cache, and also  only using TAP 66 right now for DNS lookups.  What we are seeing is two requests for every domain name looked up.  It may be that since it has two interfaces (TAP 48 and TAP 66) when it gets a DNS request it wants to send it out both interfaces to see which one responds fastest.  That's all well and good but both of those requests seem to be coming from the router 217.aaa.bbb.ddd IP which is the interface on TAP 66's network. I ran a tcpdump on TAP 48 and also reviewed our packet analyzer and there are essentially no DNS requests coming in from anything else on TAP 48.

      Something else might be going on at this moment with your LAN connection to TAP 48 -- the router IP at 217.aaa.bbb.ccc has been intermittently not responding -- a few seconds ago I was unable to ping it

      defs-xxxxx-yyy-zzz-48:/var/run# arp -a ccc-bbb-aaa-217.ip.eu.tachyon.net (217.aaa.bbb.ccc) at <incomplete>on eth0

      defs-xxxxx-yyy-zzz-48:/var/run# ping
      PING 217.aaa.bbb.ccc (217.aaa.bbb.ccc) 56(84) bytes of data.
      From 217.aaa.bbb.ccc icmp_seq=1 Destination Host Unreachable
      From 217.aaa.bbb.ccc icmp_seq=3 Destination Host Unreachable
      From 217.aaa.bbb.ccc icmp_seq=4 Destination Host Unreachable

      That's recent behavior though -- about 30 minutes ago I was running a tcpdump and was seeing normal traffic.

      Back to the load balancer. Your load balancer seems to be itself acting as a DNS cache.  This is probably a configurable setting on it-- you can set it up to be a DNS cache or to just pass along DNS requests without caching.  We'd like to have you try changing it so that it is just passing the requests to the modem.  The modem may not be any better at it than your cache, but there seems to be some misconfiguration that is causing it to double-up on requests so disabling that would probably make things better for the time being.  This will also help by halving the number of requests, which will keep it from cache to flush (roll over due to being full) as often and will make it more useful.

      Can you take a look again at how it is configured?

      I will re-enable the transparent DNS cache for now since it is not having a negative impact and may be helping a little bit.  I'll reboot the terminal in a little while--looks like TAP 48 (on the LAN side) is not happy so I don't want to take 66 down right now.

      --Linda</incomplete>

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.