Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 2 subscribers
  • Views 464 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

60k queries per sec with DNS proxy on V5

MagicMike
Hi,

there is a V5 installation with DNS proxy for LAN and DMZ. There seems to be some issue with DNS queries, since the DNS query report shows up to 60k query spikes on the daily graph and the load on the box is doubled from normal.

I found that there are a lot of this type of lines in the proxy log:

named[29922]: MAXQUERIES exceeded, possible data loop in resolving (somewebsiteaddress.com)

Could be some kind of open DNS proxy (thru a server at DMZ) or something?


This thread was automatically locked due to age.
Parents
  • 0
    Could be a lot of things... broken server or workstation, worm, ...

    You might be able to tell from the network graphs which interface(s) it's affecting.
    If not, fire up tcpdump or another sniffer on each network until you find the traffic.

    Barry
Reply
  • 0
    Could be a lot of things... broken server or workstation, worm, ...

    You might be able to tell from the network graphs which interface(s) it's affecting.
    If not, fire up tcpdump or another sniffer on each network until you find the traffic.

    Barry
Children
No Data