Operating System - HP-UX
1748284 Members
3678 Online
108761 Solutions
New Discussion юеВ

High DNS polling on 11.31

 
paabhi
Frequent Advisor

High DNS polling on 11.31

Hi Team,

Some of our new 11.31 servers generating high high DNS polling and that caused the failure of the firewall in our environment.

Please could anyone help us in troubleshooting this.Please tell me what and all I have to check.I am not finding any unusual in the system behaviour

paabhi
4 REPLIES 4
rick jones
Honored Contributor

Re: High DNS polling on 11.31

What do you mean by high DNS polling? Do you mean that the systems were sending quite a lot of DNS requests? What sort of rate was it generationg?
there is no rest for the wicked yet the virtuous have no pillows
VK2COT
Honored Contributor

Re: High DNS polling on 11.31

Hello,

If the server is sending a high number of DNS
request, I would first check if it runs some
kind of monitoring software (HP SIM, HP OpenView, and others, for example), or
scanner.

It is also possible that the server has a high number of incoming connections and it
tries to resolve reverse resource records in
DNS?

Simple tcpdump can show your traffic
statistics...

Cheers,

VK2COT
VK2COT - Dusan Baljevic
Bill Hassell
Honored Contributor

Re: High DNS polling on 11.31

If you want to kill your DNS server, run a Data Protector backup (or other commercial backup program). For insane reasons, these programs request the IP address of the server being backup up for *EVERY* file being backed up. Although the software needs to be fixed, you can stop pounding your DNS servers by changing /etc/nsswitch.conf and putting the most common IP addresses in /etc/hosts.

Change nsswitch.conf to read:

passwd: files
group: files
hosts: files [NOTFOUND=continue UNAVAIL=continue] dns
ipnodes: files [NOTFOUND=return UNAVAIL=return TRYAGAIN=return]
services: files
networks: files
protocols: files
rpc: files
publickey: files
netgroup: files
automount: files
aliases: files

Repeat this for all of your HP-UX servers. At the same time, contact the owners/mfrs of the software packages that are causing this ridiculous stream of useless resolver calls.


Bill Hassell, sysadmin
rick jones
Honored Contributor

Re: High DNS polling on 11.31

One might also/instead look into running a caching-only DNS server on the HP-UX systems generating the large quantity of DNS requests. It is more work initially than simply tweaking /etc/hosts and nsswitch.conf, but if you have much of a "dynamic" name to IP environment it may be less work overall.

The bit about the backup software always looking up for each new file is disturbing - it suggests it is establishing a new TCP connection for each (at least that is the only conceivable reason I can see for making the getaddrinfo() call - and it better be a getaddrinfo() call at this point :)
there is no rest for the wicked yet the virtuous have no pillows