cancel
Showing results for 
Search instead for 
Did you mean: 

Excessive DNS queries

Brian Hdgson
Occasional Visitor

Excessive DNS queries

System (HPUX B.11.11 U 9000/800) is currently sending over 150,000 DNS queries every 1/2 hour to our DNS server in Tampa, and virtually ALL of the queries are to look up its own DNS name or IP address.

DNS is configured correctly. No unusual services running. No errors in syslog. Nothing in cron I can see to cause this. Running xntpd - configuration looks ok. Using nfs/rpc services to nfs mount a file system from remote server. No nfs timeout or ther errors logged.

ANy ideas?
4 REPLIES
VK2COT
Honored Contributor

Re: Excessive DNS queries

Hello,

a) What are the contents of /etc/nsswitch.conf?
Are you searching local host file BEFORE DNS?

b) Is the hostname (including fully qualified name) properly set in /etc/hosts?

c) Is your host listed in several DNS zones?

Cheers,

VK2COT
VK2COT - Dusan Baljevic
Kapil Jha
Honored Contributor

Re: Excessive DNS queries

What exact this server is, is it kindo of monitoring server.
From which server requests are coming only one....or all.

BR,
Kapil+
I am in this small bowl, I wane see the real world......
Bill Hassell
Honored Contributor

Re: Excessive DNS queries

Sad to say, but several commercial backup packages stupidly ask for hostname resolution on EVERY SINGLE FILE they backup! Yes, Omniback/Data Protector is one of them. It is a huge network load for absolutely no reason. Why the hostnames can't be resolved by the program at the start is beyond my feeble mind.

The good news is that you can fix this instantly. Simply change 2 lines in nsswitch.conf:

hosts: files [NOTFOUND=continue UNAVAIL=continue] dns
ipnodes: files [NOTFOUND=continue UNAVAIL=continue] dns

DNS is becoming a very critical resource without consistent management and monitoring. Thus, the recommendation is to look in /etc/hosts first (thus eliminating gratuitous DNS lookups). In fact, using the hosts file improves overall system reliability. After all, in a server environment, IP addresses don't change very often and servers mostly talk to each other. For clients, they can be resolved by DNS as necessary.


Bill Hassell, sysadmin
Horia Chirculescu
Honored Contributor

Re: Excessive DNS queries

> and virtually ALL of the queries are to look up its own DNS name or IP address.

Check /etc/nsswitch.conf, the line corresponding to hosts should list "files" before "dns" like this:

hosts: files dns

And the file /etc/hosts should list all your IP addresses/names that your server currently have allocated, something like this:


127.0.0.1 localhost loopback
192.168.0.1 server.yourdomain.com server
192.168.0.2 yourserver.yourdomain.com yourserver


Best regards,
Horia.
Best regards from Romania,
Horia.