barsalou wrote, on 1/29/2008 8:22 AM:
>> Some interesting references:
>>
>> 98% of DNS Queries at the Root Level are Unnecessary
>> http://www.sciencedaily.com/releases/2003/01/030124074245.htm
>>
>> Is Your Caching Resolver Polluting the Internet?
>> http://dns.measurement-factory.com/writings/wessels-netts2004-slides.pdf
>>
>> DNS Measurements at a Root Server
>> http://www.caida.org/outreach/papers/2001/DNSMeasRoot/dmr.pdf
>
> Royce, Have you used or are you using dnstop?

Definitely. An excellent tool. I have noticed that leaving it
running on some OSes can cause a bit of system load.

I haven't used the other tools that the Measurement Factory guy
mentions (DSC).

> Looks like an interesting tool. Where are the links to fix these
> problems? Maybe I missed it in the text?

The recommendations that I found most helpful were in the article that
I have yet to locate. :)

In a general sense, using your ISP's servers should reduce load on the
roots, and you also benefit from a significant shared cache. Auditing
your zones with the dnstop '-l' option set to 3 or 4 (or more) and
then switching to the query view depth (Alt-3, Alt-4, etc.) will
reveal a lot about what queries you're making.

    royce@heffalump$ sudo dnstop -l 5 [interface name]

Seeing a bunch of queries like this means that your resolver is trying
to look up

    hostname                          34
    hostname.mydefaultdomain.org      34
    anotherhost                       23
    anotherhost.mydefaultdomain.org   23

Seeing lots of bogus domains or un-fully-qualified hosts means that
your internal servers are leaking requests for their siblings:

    wpad      113   0.6
    local     107   1.5
    mom       102   0.5
    belkin     24   0.3

And the Measurement Factory guys have some built-in filters for bad
queries:

    Available filters:
        unknown-tlds
        A-for-A
        rfc1918-ptr

Royce
--
Royce D. Williams - IP Engineering, ACS
http://www.tycho.org/royce/ - PGP: 3FC087DB/1776A531
Man is born to live, not to prepare for life. - Boris Pasternak
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.

Received on Tue Jan 29 08:41:20 2008
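
Added example (not part of the original message, and not dnstop's own code): a small Python audit that sorts query names into the leak categories discussed above, using the dnstop filter names as labels. The "single-label" category, the KNOWN_TLDS stand-in list and the "qtype qname" input format are assumptions made for this sketch.

```python
import ipaddress
from collections import Counter

# Assumption: tiny stand-in for the IANA TLD list; load the real list in practice.
KNOWN_TLDS = {"com", "net", "org", "edu", "gov", "arpa", "us"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def as_ipv4(text):
    """Return an IPv4Address if text is a dotted quad, else None."""
    try:
        return ipaddress.IPv4Address(text)
    except ValueError:
        return None

def ptr_to_ip(qname):
    """Decode a full 4-octet in-addr.arpa name back to its IPv4 address."""
    suffix = ".in-addr.arpa"
    if not qname.endswith(suffix):
        return None
    octets = qname[:-len(suffix)].split(".")
    return as_ipv4(".".join(reversed(octets))) if len(octets) == 4 else None

def classify(qtype, qname):
    qname = qname.rstrip(".").lower()
    if qtype == "A" and as_ipv4(qname) is not None:
        return "A-for-A"            # asking for the address of an address
    if qtype == "PTR":
        ip = ptr_to_ip(qname)
        if ip is not None and any(ip in net for net in RFC1918):
            return "rfc1918-ptr"    # private reverse lookup leaving the site
    labels = qname.split(".")
    if len(labels) == 1:
        return "single-label"       # unqualified host name leaked as-is
    if labels[-1] not in KNOWN_TLDS:
        return "unknown-tlds"
    return "ok"

def audit(lines):
    """Count categories over 'qtype qname' lines."""
    return Counter(classify(*line.split()) for line in lines)

# Constructed sample queries, not captured traffic.
SAMPLE = [
    "A wpad", "A belkin", "A hostname.mydefaultdomain.org",
    "A fileserver.local", "A 192.168.1.10",
    "PTR 10.1.168.192.in-addr.arpa.", "PTR 4.4.8.8.in-addr.arpa",
]

if __name__ == "__main__":
    for category, count in audit(SAMPLE).most_common():
        print(f"{category:<14}{count}")
```
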