[Pdns-users] UDP Connection Table Exhaustion?

bert hubert bert.hubert at netherlabs.nl
Fri Jul 3 08:16:18 UTC 2009


To nuance this a bit - on Linux, you can have great benefit from the
iptables 'NOTRACK' target, which can help you do firewalling that will
not run into problems from busy DNS traffic.

   Bert

On Fri, Jul 3, 2009 at 9:58 AM, Matthew Walster - Gyron <matthew.walster at gyron.net> wrote:
>
>
>> -----Original Message-----
>> From: Sten Spans [mailto:sten at blinkenlights.nl]
>> Sent: 02 July 2009 17:04
>> To: Matthew Walster - Gyron
>> Cc: Pdns-users at mailman.powerdns.com
>> Subject: Re: [Pdns-users] UDP Connection Table Exhaustion?
>
>
>> 2- don't load any iptables modules if at all possible,
>>     the state tracking causes serious (performance) problems
>>     on loaded servers.
>
> I think this is the one I'm going to have to follow - the DNS server is currently on VMware, with a 1000Mbit interface onto our core switching network, so that should be more than enough bandwidth; the state tracking is what is concerning me.
>
> Thanks for your advice!
>
> Matthew Walster
>
>
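
The NOTRACK approach mentioned in the reply above, as an added example that is not part of the original thread: a generator for an iptables-restore ruleset that exempts DNS over UDP from connection tracking, plus a check that an `iptables-save` dump really covers both directions. The function names, the port default and the authoritative-only assumption are choices made for this example.

```shell
#!/bin/sh
# Added example. Assumption: an authoritative server that only answers
# queries, so DNS replies are the packets leaving with source port 53.

# Print an iptables-restore ruleset that keeps DNS/UDP out of conntrack.
dns_notrack_rules() {
    port="${1:-53}"
    cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p udp -m udp --dport $port -j NOTRACK
-A OUTPUT -p udp -m udp --sport $port -j NOTRACK
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Untracked packets never match ESTABLISHED, so accept DNS/UDP statelessly.
-A INPUT -p udp -m udp --dport $port -j ACCEPT
# DNS over TCP (truncated answers, zone transfers) stays tracked.
-A INPUT -p tcp -m tcp --dport $port -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Add management access (for example SSH) here before loading this.
COMMIT
EOF
}

# Read an iptables-save dump on stdin; succeed only if DNS/UDP is exempt
# from tracking in both directions (NOTRACK or the equivalent CT --notrack).
has_dns_notrack() {
    port="${1:-53}"
    awk -v p="$port" '
        /^\*/ { table = $1 }
        table == "*raw" && /-p udp/ && /-j (NOTRACK|CT --notrack)/ {
            if ($0 ~ "-A PREROUTING" && $0 ~ ("--dport " p "( |$)")) in_ok = 1
            if ($0 ~ "-A OUTPUT" && $0 ~ ("--sport " p "( |$)")) out_ok = 1
        }
        END { exit !(in_ok && out_ok) }
    '
}

# Self-check on the generated rules; load them with iptables-restore as root.
if dns_notrack_rules 53 | has_dns_notrack 53; then
    echo "DNS/UDP on port 53 bypasses connection tracking"
fi
```

On a live host, `iptables-save | has_dns_notrack 53` runs the same check against the loaded ruleset.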


