# torrenting makes bind angry

## poly_poly-man

I (and my network) get DNS from bind running on my local machine. Pretty standard setup, except for a lan zone (well two - one for backwards, one for forwards). I've never had trouble before, even during torrents (like, a torrent on saturday was fine, but this one is not.)

The only thing I've changed (my nightly update scripts are held up at some bluez blocks - I've been too lazy to fix) is my kernel version - I was on 2.6.28, now on 2.6.30_rc7.

The errors in /var/log/messages are all about EDNS - either "success resolving... after disabling EDNS" or "success resolving... after reducing the advertised EDNS UDP packet size to 512 octets" - also some "connection refused" messages from named (and a ton of "could not resolve" errors from other programs).

A few resolutions succeeded, but slowly when I had the torrent running - I'm stopping it until I can figure this out.

Also, on a slightly unrelated note, does bind cache stuff that you've resolved in the past, but aren't actively resolving? I occasionally see some messages for sites like x86-64.org and georgeprowse.co.uk - I'm the only one here who would look at them, and I haven't looked at them in quite a while.
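The two EDNS messages quoted above are named reporting that a full-size EDNS UDP query got no usable reply and only succeeded after it retried with a smaller advertised buffer or with EDNS off. Counting them is a quick way to see whether the problem tracks the torrent. The script below is an added example, not code from the thread: the sample log lines are constructed here in the shape of those messages (the exact wording of named's log format is assumed, and only the two hostnames come from the post), and the threshold is an arbitrary illustrative value.

```python
import re
from collections import Counter, defaultdict

# Constructed sample syslog lines shaped like the BIND messages quoted in the post.
# The wording/format of named's messages is assumed, not captured from a real box;
# only the hostnames x86-64.org and georgeprowse.co.uk come from the thread.
SAMPLE_LOG = """\
Jun  1 10:00:01 box named[1234]: success resolving 'x86-64.org/A' (in 'x86-64.org'?) after disabling EDNS
Jun  1 10:00:02 box named[1234]: success resolving 'georgeprowse.co.uk/A' (in 'georgeprowse.co.uk'?) after reducing the advertised EDNS UDP packet size to 512 octets
Jun  1 10:00:03 box named[1234]: connection refused resolving 'example.net/AAAA/IN': 198.51.100.7#53
Jun  1 10:00:04 box named[1234]: success resolving 'example.org/MX' (in 'example.org'?) after reducing the advertised EDNS UDP packet size to 512 octets
Jun  1 10:00:05 box sshd[99]: Accepted publickey for user from 192.0.2.5 port 4242
"""

# Each pattern captures the query name; the size pattern also captures the octet count,
# the refusal pattern the upstream address#port that refused.
EDNS_DISABLED = re.compile(r"named\[\d+\]: success resolving '([^']+)'.*after disabling EDNS\s*$")
EDNS_SHRUNK = re.compile(r"named\[\d+\]: success resolving '([^']+)'.*after reducing the advertised EDNS UDP packet size to (\d+) octets")
CONN_REFUSED = re.compile(r"named\[\d+\]: connection refused resolving '([^']+)': (\S+)")


def classify(line):
    """Return (kind, query_name, detail) for a named message we care about, else None."""
    m = EDNS_DISABLED.search(line)
    if m:
        return ("edns_disabled", m.group(1), None)
    m = EDNS_SHRUNK.search(line)
    if m:
        return ("edns_shrunk", m.group(1), int(m.group(2)))
    m = CONN_REFUSED.search(line)
    if m:
        return ("conn_refused", m.group(1), m.group(2))  # detail = server addr#port
    return None


def summarize(log_text, fallback_threshold=2):
    """Count EDNS fallbacks and refusals; flag a suspect UDP path above the threshold.

    Both fallback messages mean a full-size EDNS UDP query got no usable answer and
    named only succeeded after retrying smaller or without EDNS, which is what you
    see when large UDP datagrams (or their fragments) are dropped on the path.
    """
    counts = Counter()
    names = defaultdict(list)
    for line in log_text.splitlines():
        hit = classify(line)
        if hit is None:
            continue
        kind, qname, _detail = hit
        counts[kind] += 1
        names[kind].append(qname)
    fallbacks = counts["edns_disabled"] + counts["edns_shrunk"]
    return {
        "counts": dict(counts),
        "names": dict(names),
        "fallbacks": fallbacks,
        "udp_path_suspect": fallbacks >= fallback_threshold,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Run it against the real file with `summarize(open("/var/log/messages").read())` once with the torrent stopped and once with it running; if the fallback count only climbs while the torrent is up, the resolver itself is fine and the UDP path is what to look at. Note that the 512-octet fallback also costs speed on its own: any answer larger than that gets truncated and has to be fetched again over TCP.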

----------

## szczerb

Do you by any chance use wifi? I noticed not long ago (probably with one of the first .30 rcs) that when I have a lot of connections over my wifi interface it gets ridiculously slow - like pushing a movie over samba can't get faster than 30KB/s or something like that - even though all those connections generated not more than 1Mb/s of data.

----------

## poly_poly-man

*szczerb wrote:*

> Do you by any chance use wifi? I noticed not long ago (probably with one of the first .30 rcs) that when I have a lot of connections over my wifi interface it gets ridiculously slow - like pushing a movie over samba can't get faster than 30KB/s or something like that - even though all those connections generated not more than 1Mb/s of data.

I use wifi, but not at the computer (an openwrt router takes care of that for me).

...but come to think of it, I skipped over 2.6.29, which apparently introduced some issues with forcedeth, which I do have.

could that be it?

----------

## szczerb

Might - never used it. Try stuffing an old 3com or something reliable with old drivers into that box and check if it makes any difference - unless of course it's a laptop...

----------

## poly_poly-man

*szczerb wrote:*

> Might - never used it. Try stuffing an old 3com or something reliable with old drivers into that box and check if it makes any difference - unless of course it's a laptop...

...or it's a desktop with a video card that takes up the pci-express x16 slot and the two slots below it - both pci. And I don't have a pci-express x1 card to test.

----------

## szczerb

That's why I keep my old GF6600 lying around ;]

----------

## pigeon768

*poly_poly-man wrote:*

> a video card that takes up the pci-express x16 slot and the two slots below it - both pci.

Your video card takes up 3 slots? D: Is it a custom heatsink or some crap?

----------

## poly_poly-man

*pigeon768 wrote:*

> *poly_poly-man wrote:*
> > a video card that takes up the pci-express x16 slot and the two slots below it - both pci.
>
> Your video card takes up 3 slots? D: Is it a custom heatsink or some crap?

The stock heatsink needed an extra slot for the heatsink and another for airflow - this is a passive cooler to which I attached a fan... 3 slots at least.

any help on my actual issue?

----------

## causality

I don't think your issue is actually being caused by BIND, but I am curious as to whether this would help.

Unless you really need a feature that BIND provides which cannot be found elsewhere, I'd recommend using something else.  BIND is a big beast that's probably overkill for what you described, and worse, it has a security history not unlike that of Sendmail (both come from a time before the 'Net was considered a hostile network).  The (relatively) recent rewrite of BIND doesn't seem to have done very much to address security.

A long time ago I used to use djbdns but these days it seems poorly maintained.  Now I use maradns (which is in the Portage tree).  It's small, lean, secure, and performs well and I'm very satisfied with it.  I have mine set up as a local, caching DNS server that communicates directly with the root DNS servers.  It provides DNS for all of the machines (Linux and others) on my LAN.

If you don't mind installing and configuring a new DNS server, I wonder if this would help you.  I should emphasize though that for all I know, you may replace BIND only to continue to have the same issue, but at least in that case you would rule out one possibility and would probably also have a more secure setup.

----------

## poly_poly-man

*causality wrote:*

> I don't think your issue is actually being caused by BIND, but I am curious as to whether this would help.
> 
> Unless you really need a feature that BIND provides which cannot be found elsewhere, I'd recommend using something else.  BIND is a big beast that's probably overkill for what you described, and worse, it has a security history not unlike that of Sendmail (both come from a time before the 'Net was considered a hostile network).  The (relatively) recent rewrite of BIND doesn't seem to have done very much to address security.
> 
> A long time ago I used to use djbdns but these days it seems poorly maintained.  Now I use maradns (which is in the Portage tree).  It's small, lean, secure, and performs well and I'm very satisfied with it.  I have mine set up as a local, caching DNS server that communicates directly with the root DNS servers.  It provides DNS for all of the machines (Linux and others) on my LAN.
> ...

I absolutely love both BIND and sendmail on my local machine - I could not live without the two of those.

----------

## causality

*Quote:*

> I absolutely love both BIND and sendmail on my local machine - I could not live without the two of those.

In that case you probably know what you're doing.  Maradns and Postfix here, btw.

Another idea that is less involved occurred to me that may help your diagnostics.  You could edit /etc/resolv.conf and comment out the line which says:

```
nameserver 127.0.0.1
```

and replace it with a "nameserver" line that points to another, external DNS server such as one of your ISP's.  That would probably help you narrow down whether this is actually a BIND problem.  If that makes no difference, maybe it's the forcedeth issue you mentioned.

I use the forcedeth driver too, but unfortunately I can't say whether the 2.6.29 kernel caused problems for me because I use Gentoo-Hardened and the stable sys-kernel/hardened-sources is currently 2.6.28-r9.

----------

## poly_poly-man

I'm actually using my lan IP in resolv.conf, not that it should matter...

I don't think it's a BIND issue, as BIND never has issues - I think it's an issue with some UDP traffic being dropped... for some reason.
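The "advertised EDNS UDP packet size" in those log lines is a field in the query itself: the resolver tells the other side how large a UDP answer it can take, and when it falls back to 512 octets it is admitting that anything bigger never arrived. The following is an added example, not code from the thread or from BIND: it builds a query with and without the EDNS OPT record, parses the header flags and the advertised size back out, and constructs (not captures) a truncated reply of the kind a resolver gets once the buffer is too small, so the fallback BIND logs can be seen on the wire.

```python
import struct

# Added example (not from the thread or from BIND): build and parse DNS messages to
# show what the "advertised EDNS UDP packet size" in named's log lines is on the wire.

TYPE_OPT = 41
QR, TC, RD, RA = 0x8000, 0x0200, 0x0100, 0x0080   # header flag bits (RFC 1035)


def encode_name(name):
    """Encode a dotted name as DNS labels; no compression."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname, qtype=1, txid=0x1234, edns_udp_size=None):
    """Build a recursive query; with edns_udp_size, append an OPT RR (RFC 6891)."""
    arcount = 1 if edns_udp_size is not None else 0
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, arcount)
    msg = header + encode_name(qname) + struct.pack("!HH", qtype, 1)
    if edns_udp_size is not None:
        # OPT pseudo-RR: root name, TYPE 41, the CLASS field carries the UDP payload
        # size the sender can accept, TTL carries ext-RCODE/version/flags (zero here).
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_udp_size, 0, 0)
    return msg


def skip_name(msg, off):
    """Return the offset just past the name starting at off (handles a pointer)."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length


def parse_message(msg):
    """Extract header flags and the advertised EDNS UDP size (None if no OPT RR)."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    for _ in range(an + ns):
        off = skip_name(msg, off)
        rdlen = struct.unpack("!H", msg[off + 8:off + 10])[0]
        off += 10 + rdlen                      # TYPE, CLASS, TTL, RDLENGTH, RDATA
    udp_size = None
    for _ in range(ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == TYPE_OPT:
            udp_size = rclass                  # CLASS of the OPT RR = UDP payload size
        off += 10 + rdlen
    return {
        "id": txid,
        "qr": bool(flags & QR),
        "tc": bool(flags & TC),
        "rcode": flags & 0x000F,
        "edns_udp_size": udp_size,
    }


def build_truncated_response(query, responder_udp_size=4096):
    """Constructed reply (not a real server's): echo ID and question, set QR+TC, no answers.

    TC=1 tells the resolver the answer did not fit and it must retry over TCP; without
    EDNS every answer over 512 octets has to be delivered this way, which is the slow
    path BIND is on once it has fallen back.
    """
    txid = struct.unpack("!H", query[:2])[0]
    qend = skip_name(query, 12) + 4
    header = struct.pack("!HHHHHH", txid, QR | TC | RD | RA, 1, 0, 0, 1)
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, responder_udp_size, 0, 0)
    return header + query[12:qend] + opt


if __name__ == "__main__":
    q = build_query("x86-64.org", edns_udp_size=4096)
    print(parse_message(q))
    print(parse_message(build_truncated_response(q)))
```

The thing to watch in a capture is the size difference: a 4096-octet advertisement invites answers that need IP fragmentation on an ordinary 1500-byte link, and if a busy NIC or a filter is dropping fragments the resolver sees nothing at all rather than an error, which is exactly the case where named retries and logs the fallback.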

----------

## causality

Though I don't use it myself, I tend to agree with you about BIND.  My point was that we now know a trivial and practically effortless way that BIND can be positively ruled out so that this need not be an assumption.  Let's say that in the past I've learned, the hard way, about why I shouldn't make even the most reasonable-sounding assumptions when trying to figure out the cause of a problem.  By that I don't mean to criticize you at all, it's just that I hope maybe others can benefit from how hard-headed I can sometimes be.

As far as UDP traffic, you may find net-analyzer/iptraf to be a very convenient packet sniffer to use in order to get an idea of what's going on.  There are certainly more feature-packed sniffers, but this one uses a clean, simple, uncluttered interface which would probably be nice for this kind of diagnostics.  I have Wireshark installed, but when I just need to get an idea of what's happening on my network and don't need to do any sort of data capture or other detailed analysis, iptraf is my favorite.

----------

