Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: CKConsulting on January 09, 2007, 04:13:24 AM

Title: Network is being hammered, Port 53 DNSCache-Help....
Post by: CKConsulting on January 09, 2007, 04:13:24 AM

Looking for some help......
SME 7 up to date.
I noticed that my network was being hammered, I have tracked it down to my sme box.  Tons of traffic on UDP/53, and dnscache is using about 23% of my CPU.  I killed dnscache and traffice stopped, but it started right back up.

Rick

Title: Re: Network is being hammered, Port 53 DNSCache-Help....
Post by: william_syd on January 09, 2007, 04:29:23 AM

Quote from: "CKConsulting"

Looking for some help......
SME 7 up to date.
I noticed that my network was being hammered, I have tracked it down to my sme box.  Tons of traffic on UDP/53, and dnscache is using about 23% of my CPU.  I killed dnscache and traffice stopped, but it started right back up.

Rick

Code: [Select]

db configuration setprop dnscache status disabled
/etc/rc.d/rc7.d/S55dnscache stop

That might stop it.

Don't know what the implications of doing that are.

Title: Network is being hammered, Port 53 DNSCache-Help....
Post by: CKConsulting on January 09, 2007, 05:20:24 AM

Well, that stopped it and the internet.
I changed the settings back restarted service, still no internet?

Rick

Title: Network is being hammered, Port 53 DNSCache-Help....
Post by: william_syd on January 09, 2007, 05:38:58 AM

Quote from: "CKConsulting"

Well, that stopped it and the internet.
I changed the settings back restarted service, still no internet?

Rick

I guess thats the implications.. :)

Code: [Select]

db configuration setprop dnscache status enabled
signal-event remoteaccess-update
signal-event dns-update
/etc/rc.d/rc7.d/S55dnscache start
/etc/rc.d/rc7.d/S55dnscache status

Title: Network is being hammered, Port 53 DNSCache-Help....
Post by: duncan on January 09, 2007, 06:02:51 AM

I find that if I don`t add a single dns server during the initial setup this happens. Overloads my gateway with dns requests. Add a server during setup and the problem goes away.

Title: Network is being hammered, Port 53 DNSCache-Help....
Post by: CKConsulting on January 09, 2007, 06:11:16 AM

Thanks William, I'm back up.  Now back to trouble shooting the issue.

This Community is GREAT!

Rick

Title: Network is being hammered, Port 53 DNSCache-Help....
Post by: CKConsulting on January 09, 2007, 06:22:35 AM

Not sure what's up, the issue is gone now???????
Strange..I'll keep watching it.

Thanks again for the help.
Rick
I

Title: Re: Network is being hammered, Port 53 DNSCache-Help....
Post by: dmay on January 09, 2007, 09:24:22 PM

Quote from: "CKConsulting"

Looking for some help......
SME 7 up to date.
I noticed that my network was being hammered, I have tracked it down to my sme box.  Tons of traffic on UDP/53, and dnscache is using about 23% of my CPU.  I killed dnscache and traffice stopped, but it started right back up.

Rick

This _may_ be related. Are you running qpsmtpd with DNSBL/RHSBL enabled? We just discovered relays.ordb.org is dead!

http://it.slashdot.org/article.pl?sid=06/12/18/154259&from=rss
http://bugs.contribs.org/show_bug.cgi?id=2139

If this applies to you, try removing relays.ordb.org from your qpsmtpd RBLList config:

Code: [Select]

# config setprop qpsmtpd RBLList sbl-xbl.spamhaus.org,whois.rfc-ignorant.org,dnsbl.njabl.org
# signal-event email-update
Darrell

Title: Network is being hammered, Port 53 DNSCache-Help....
Post by: CKConsulting on January 10, 2007, 05:31:27 AM

Yes this applies to me and I stopped having issues after I turned off SPAM filtering.   I'll test it tomorrow and post my results.

Thanks
Rick

Title: Network is being hammered, Port 53 DNSCache-Help....
Post by: gbentley on January 10, 2007, 03:45:47 PM

Is there an automated process enabling live lists only ?