What should stop this altogether is compiling a kernel with IPv6
commented out, I guess. If you don't use IPv6 that is _the_ solution,
I think.

As for limiting queries to just two root servers: That will not work
by editing named.root. For BIND will query one of these machines for
ALL root servers, and put the data for all in its cache, and query
them subsequently. The hints file is only used at the start, to get
the full and up to date data.

On Tue, 22 Apr 2003, at 13:47 [=GMT+1000], Sue Blake wrote:
> (Either this was too hard for the folks on -questions, or it was out
> of place there, or I'm not providing the right kind of info or...
> I'm open to suggestions.)
>
> At this stage I'd approach bliss if someone could even tell me how
> to make bind forget that IPv6 exists, and therefore stop hammering
> these queries at an apparently unsympathetic NT DNS server.
>
> Two affected (dns-forwarding-only) machines are:
>
> FreeBSD 4.8-PRERELEASE #0: Mon Feb 24 12:43:50 EST 2003
> named 8.3.4-REL Mon Feb 24 11:46:20 EST 2003
>
> 4.6-RELEASE FreeBSD 4.6-RELEASE #0: Tue Jun 11 06:14:12 GMT 2002
> named 8.3.2-T1B Tue Jun 11 03:58:03 GMT 2002
>
> BTW, requiring BIND to use port 53 didn't help either.
>
> --- Sue Blake <aunty_sue@yahoo.com.au> wrote:
> > Date: Thu, 17 Apr 2003 05:06:20 +1000 (EST)
> > From: Sue Blake <aunty_sue@yahoo.com.au>
> > To: freebsd-questions@freebsd.org
> > Subject: root server dns queries
> >
> > I'm seeing a flurry of queries like those below every time I try
> > to send an email destined for the outside of an internal network.
> >
> > Upon the send command, mutt pauses for 1-5 minutes and there is
> > no maillog activity, as if DNS lookup is stalling. Eventually the
> > mail gets out successfully.
> >
> > I cannot access the internal DNS servers, which are running NT.
> > My BIND is cache only, forwarding to the NT boxes. Sendmail has
> > been configured to WorkAroundBrokenAAAA. The box is running
> > STABLE from about the end of February. When I query each NT
> > box directly with nslookup they give the appropriate responses
> > without fuss.
> >
> > Since something seems to be querying each root server in turn
> > repeatedly (and failing), I whittled down my root file to
> > two root servers and restarted named as an experiment.
> > It still queried every one of them, not just the two it knew about.
> >
> > I see the following almost constantly:
> >
> > 621.091795 bsdbox.internal.net -> dns.internal.net DNS Standard query AAAA J.ROOT-SERVERS.NET
> > 621.092003 bsdbox.internal.net -> dns.internal.net DNS Standard query A6 I.ROOT-SERVERS.NET
> > 621.092194 bsdbox.internal.net -> dns.internal.net DNS Standard query AAAA I.ROOT-SERVERS.NET
> > 621.092383 bsdbox.internal.net -> dns.internal.net DNS Standard query A6 H.ROOT-SERVERS.NET
> > 621.092575 bsdbox.internal.net -> dns.internal.net DNS Standard query AAAA H.ROOT-SERVERS.NET
> > 621.092764 bsdbox.internal.net -> dns.internal.net DNS Standard query A6 G.ROOT-SERVERS.NET
> > 621.092954 bsdbox.internal.net -> dns.internal.net DNS Standard query AAAA G.ROOT-SERVERS.NET
> > 621.093144 bsdbox.internal.net -> dns.internal.net DNS Standard query A6 F.ROOT-SERVERS.NET
> > 621.093332 bsdbox.internal.net -> dns.internal.net DNS Standard query AAAA F.ROOT-SERVERS.NET
> > 621.093519 bsdbox.internal.net -> dns.internal.net DNS Standard query A6 E.ROOT-SERVERS.NET
> > 621.093708 bsdbox.internal.net -> dns.internal.net DNS Standard query AAAA E.ROOT-SERVERS.NET
> > 621.093895 bsdbox.internal.net -> dns.internal.net DNS Standard query AAAA D.ROOT-SERVERS.NET
> > 621.094087 bsdbox.internal.net -> dns.internal.net DNS Standard query A6 D.ROOT-SERVERS.NET
> > 621.094274 bsdbox.internal.net -> dns.internal.net DNS Standard query A6 C.ROOT-SERVERS.NET
> > 621.094460 bsdbox.internal.net -> dns.internal.net DNS Standard query AAAA C.ROOT-SERVERS.NET
> > [...]
> > 635.608491 dns.internal.net -> bsdbox.internal.net DNS Standard query response, Server failure
> > 635.608596 dns.internal.net -> bsdbox.internal.net DNS Standard query response, Server failure
> > 635.608696 dns.internal.net -> bsdbox.internal.net DNS Standard query response, Server failure
> > 635.608798 dns.internal.net -> bsdbox.internal.net DNS Standard query response, Server failure
> > 635.608901 dns.internal.net -> bsdbox.internal.net DNS Standard query response, Server failure
> > 635.609001 dns.internal.net -> bsdbox.internal.net DNS Standard query response, Server failure
> > 635.609102 dns.internal.net -> bsdbox.internal.net DNS Standard query response, Server failure
> > 635.609204 dns.internal.net -> bsdbox.internal.net DNS Standard query response, Server failure
> > 635.609305 dns.internal.net -> bsdbox.internal.net DNS Standard query response, Server failure
> > 635.609406 dns.internal.net -> bsdbox.internal.net DNS Standard query response, Server failure
> > 643.609064 dns.internal.net -> bsdbox.internal.net DNS Standard query response, Server failure
> > [...]
> >
> > The high numbered port used at my end is, according to lsof,
> > owned by named and its number does not change until named is
> > restarted.
> >
> > Have I goofed somewhere, or do I need some more NT kludges?
> >
> > (Apologies for the formatting, this is the only email available.)
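
An added triage sketch, not part of the original thread: it parses capture lines in the one-line format quoted above and reports how many A6/AAAA lookups for root-server names went to the forwarder, how many came back as Server failure, and the gap between the first such query and the first failure. The sample rows are constructed in that format, and `summarize` and its result keys are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample in the capture format of the quoted message
# (optional "> " quote prefixes are tolerated; unparsable rows are skipped).
SAMPLE = """\
> > 621.091795 bsdbox.internal.net -> dns.internal.net DNS Standard query AAAA J.ROOT-SERVERS.NET
> > 621.092003 bsdbox.internal.net -> dns.internal.net DNS Standard query A6 I.ROOT-SERVERS.NET
621.092194 bsdbox.internal.net -> dns.internal.net DNS Standard query AAAA I.ROOT-SERVERS.NET
621.092383 bsdbox.internal.net -> dns.internal.net DNS Standard query A H.ROOT-SERVERS.NET
635.608491 dns.internal.net -> bsdbox.internal.net DNS Standard query response, Server failure
635.608596 dns.internal.net -> bsdbox.internal.net DNS Standard query response, Server failure
this row is not a capture line
"""

LINE = re.compile(
    r"^(?:>\s*)*(?P<ts>\d+\.\d+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+"
    r"DNS\s+Standard\s+query\s+"
    r"(?:(?P<resp>response),\s*(?P<rcode>.+?)|(?P<qtype>\S+)\s+(?P<qname>\S+))\s*$"
)

def summarize(text, ipv6_types=("AAAA", "A6"), zone=".ROOT-SERVERS.NET"):
    """Tally IPv6-address lookups for root servers and SERVFAIL answers."""
    by_type, servers = Counter(), set()
    servfail, first_query, first_fail = 0, None, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # wrapped or unrelated line
        ts = float(m["ts"])
        if m["resp"]:
            if m["rcode"].lower() == "server failure":
                servfail += 1
                first_fail = ts if first_fail is None else first_fail
            continue
        qtype, qname = m["qtype"].upper(), m["qname"].upper().rstrip(".")
        if qtype in ipv6_types and qname.endswith(zone):
            by_type[qtype] += 1
            servers.add(qname[: -len(zone)])   # keep just the letter, e.g. "J"
            first_query = ts if first_query is None else first_query
    stall = None
    if first_query is not None and first_fail is not None:
        stall = round(first_fail - first_query, 3)   # seconds until first failure
    return {"by_type": dict(by_type), "servers": sorted(servers),
            "servfail": servfail, "stall_seconds": stall}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
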