Search Again: Re: Problems with QuickDNS Pro 3.0.1 From: Jerry Pasker Date: Monday, February 12, 2001 Time: 10:49:07 am Running QDNS 3.0 on the primary, and QDNS 2.2 on the secondary; About 100 domains are hosted on, and over 400 dial ports hit this server. It's 5 minute load average at the switch runs about 20Kbps in both directions, so there's a fair amount of traffic involved. My secondary DNS doesn't even average enough traffic for the switch to compute a load average for the link. Less than 1kbps, and less than 1 packet per second run on the secondary DNS's link. I used to crash and burn several times a week. Now I crash no more. (But I bet I crash before the week is out.... that's how it goes when you go post something like this to a mailing list.... :-) I've blocked TCP Port 53 at the router that services the subnet that my DNS servers are on (gasp! Primary and secondary DNS on one subnet!) that way they can do zone transfers between each other, but no TCP activity can take place off my internal network. I run dial-up on 3 other subnets, so the DNS servers are completely isolated, TCP wise, from the rest of the world. I did this over a month ago. Guess what? 1)Never crashed since. 2)NEVER EVER have I had a SINGLE problem with ANYTHING not resolving correctly, or ANY *HINT* of any DNS related issue. Really. 3)Never crashed since. (really!) Why did I do this? Because I know/knew that my versions of QuickDNS were susceptible to TCP DoS attacks, and I also didn't believe any of the superstition that a UDP only DNS server wouldn't work. As far as I could tell, no one who ever said "Oh no!! You can't do that!! You need TCP in case a UDP lookup fails!" had actually TRIED it. If you've got ample bandwidth, TCP won't be used for DNS queries anyway. That's a big "IF" but since I'm in the bandwidth business, I tend to keep a cushy reserve of the stuff. So, button down TCP port 53, and see if that makes a difference. It did with my server. No more of those annoying "Zone transfer not allowed...." messages cluttering up the log, either. If you have a DNS server off on another network doing zone transfers, this won't work, unless you allow for it in your filter list. If you are worried that you don't have enough bandwidth to do this, then GET MORE. :-)

Messages In This Thread: Problems with QuickDNS Pro 3.0.1 by Mia''s Virtual Post Office on Feb 10, 2001 at 4:29:03 am Re: Problems with QuickDNS Pro 3.0.1 by Bennie Warren on Feb 10, 2001 at 6:56:43 am Re: Problems with QuickDNS Pro 3.0.1 by andrew on Feb 10, 2001 at 7:16:37 am Re: Problems with QuickDNS Pro 3.0.1 by Bennie Warren on Feb 10, 2001 at 7:27:58 am Re: Problems with QuickDNS Pro 3.0.1 by andrew on Feb 10, 2001 at 7:59:58 am Re: Problems with QuickDNS Pro 3.0.1 by Bennie Warren on Feb 10, 2001 at 10:09:17 am Re: Problems with QuickDNS Pro 3.0.1 by Mia''s Virtual Post Office on Feb 10, 2001 at 11:07:49 am Re: Problems with QuickDNS Pro 3.0.1 by Peter Lalor on Feb 10, 2001 at 12:15:11 pm Re: Problems with QuickDNS Pro 3.0.1 by Peter Lalor on Feb 10, 2001 at 12:20:44 pm Re: Problems with QuickDNS Pro 3.0.1 by andrew on Feb 11, 2001 at 8:19:32 am Re: Problems with QuickDNS Pro 3.0.1 by Philip Butler on Feb 12, 2001 at 10:42:09 am Re: Problems with QuickDNS Pro 3.0.1 by Jerry Pasker on Feb 12, 2001 at 10:49:07 am Re: Problems with QuickDNS Pro 3.0.1 by Sigurdur Ragnarsson on Feb 12, 2001 at 12:22:18 pm Re: Problems with QuickDNS Pro 3.0.1 by Jerry Pasker on Feb 12, 2001 at 1:47:26 pm Re: Problems with QuickDNS Pro 3.0.1 by Men & Mice Support on Feb 12, 2001 at 10:26:59 pm