Reduce DNS Traffic


  • Reduce DNS Traffic

    Dear Techies,

    In our environment we have 2 domain controllers (Win 2003): one is the primary domain controller and the second is the backup domain controller, both of which have AD-integrated DNS; 2 Exchange servers (Exchange 2003) configured in a front-end/back-end topology; and 500 users accessing Exchange and AD.

    Recently I found that a lot of DNS traffic is going on. I checked on both domain controllers and the DNS traffic is too high. Nothing changed on the server side. The network administrator informed me that he found a lot of DNS traffic on the network. Please find the detailed DNS traffic report of both DCs below. DNS forwarders are pointed to our ISP.


    Reported on \\domain.com
    Date: 10/7/2009
    Time: 12:31:02 PM
    Value: Default
    Data: Current Activity
    Interval: 1.00 seconds


    Computer: \\Primary AD

    Object: DNS


    2586 0.000
    AXFR Request Received 0.000
    AXFR Request Sent 0.000
    AXFR Response Received 0.000
    AXFR Success Received 0.000
    AXFR Success Sent 0.000
    Caching Memory 0.000
    Database Node Memory 167064.000
    Dynamic Update NoOperation 51.000
    Dynamic Update NoOperation/sec 0.000
    Dynamic Update Queued 0.000
    Dynamic Update Received 55.000
    Dynamic Update Received/sec 0.000
    Dynamic Update Rejected 0.000
    Dynamic Update TimeOuts 0.000
    Dynamic Update Written to Database 4.000
    Dynamic Update Written to Database/sec 0.000
    IXFR Request Received 0.000
    IXFR Request Sent 0.000
    IXFR Response Received 0.000
    IXFR Success Received 0.000
    IXFR Success Sent 0.000
    IXFR TCP Success Received 0.000
    IXFR UDP Success Received 0.000
    Nbstat Memory 0.000
    Notify Received 0.000
    Notify Sent 0.000
    Record Flow Memory 0.000
    Recursive Queries 10039.000
    Recursive Queries/sec 22.988
    Recursive Query Failure 1763.000
    Recursive Query Failure/sec 15.991
    Recursive Send TimeOuts 6912.000
    Recursive TimeOut/sec 20.989
    Secure Update Failure 0.000
    Secure Update Received 0.000
    Secure Update Received/sec 0.000
    TCP Message Memory 164886076.000
    TCP Query Received 2.000
    TCP Query Received/sec 0.000
    TCP Response Sent 2.000
    TCP Response Sent/sec 0.000
    Total Query Received 11616.000
    Total Query Received/sec 22.988
    Total Response Sent 8795.000
    Total Response Sent/sec 30.983
    UDP Message Memory 0.000
    UDP Query Received 11614.000
    UDP Query Received/sec 22.988
    UDP Response Sent 8793.000
    UDP Response Sent/sec 30.983
    WINS Lookup Received 0.000
    WINS Lookup Received/sec 0.000
    WINS Response Sent 0.000
    WINS Response Sent/sec 0.000
    WINS Reverse Lookup Received 0.000
    WINS Reverse Lookup Received/sec 0.000
    WINS Reverse Response Sent 0.000
    WINS Reverse Response Sent/sec 0.000
    Zone Transfer Failure 0.000
    Zone Transfer Request Received 0.000
    Zone Transfer SOA Request Sent 0.000
    Zone Transfer Success 0.000

    Object: PhysicalDisk

    _Total
    Avg. Disk Queue Length 0.013

    Object: Processor

    _Total
    % Processor Time 21.484

    __________________________________________________ __________

    Reported on \\bdc
    Date: 10/7/2009
    Time: 12:36:33 PM
    Value: Default
    Data: Current Activity
    Interval: 1.00 seconds


    Computer: \\Secondary AD

    Object: DNS


    3252 0.000
    AXFR Request Received 0.000
    AXFR Request Sent 0.000
    AXFR Response Received 0.000
    AXFR Success Received 0.000
    AXFR Success Sent 0.000
    Caching Memory 0.000
    Database Node Memory 166878.000
    Dynamic Update NoOperation 17.000
    Dynamic Update NoOperation/sec 0.000
    Dynamic Update Queued 0.000
    Dynamic Update Received 43.000
    Dynamic Update Received/sec 0.000
    Dynamic Update Rejected 4.000
    Dynamic Update TimeOuts 0.000
    Dynamic Update Written to Database 22.000
    Dynamic Update Written to Database/sec 0.000
    IXFR Request Received 0.000
    IXFR Request Sent 0.000
    IXFR Response Received 0.000
    IXFR Success Received 0.000
    IXFR Success Sent 0.000
    IXFR TCP Success Received 0.000
    IXFR UDP Success Received 0.000
    Nbstat Memory 0.000
    Notify Received 0.000
    Notify Sent 0.000
    Record Flow Memory 0.000
    Recursive Queries 1263432.000
    Recursive Queries/sec 28.007
    Recursive Query Failure 260359.000
    Recursive Query Failure/sec 5.001
    Recursive Send TimeOuts 1044142.000
    Recursive TimeOut/sec 24.006
    Secure Update Failure 0.000
    Secure Update Received 0.000
    Secure Update Received/sec 0.000
    TCP Message Memory 3520763540
    TCP Query Received 2.000
    TCP Query Received/sec 0.000
    TCP Response Sent 2.000
    TCP Response Sent/sec 0.000
    Total Query Received 1506966.000
    Total Query Received/sec 35.009
    Total Response Sent 1105088.000
    Total Response Sent/sec 32.008
    UDP Message Memory 0.000
    UDP Query Received 1506963.000
    UDP Query Received/sec 35.009
    UDP Response Sent 1105086.000
    UDP Response Sent/sec 32.008
    WINS Lookup Received 0.000
    WINS Lookup Received/sec 0.000
    WINS Response Sent 0.000
    WINS Response Sent/sec 0.000
    WINS Reverse Lookup Received 0.000
    WINS Reverse Lookup Received/sec 0.000
    WINS Reverse Response Sent 0.000
    WINS Reverse Response Sent/sec 0.000
    Zone Transfer Failure 0.000
    Zone Transfer Request Received 0.000
    Zone Transfer SOA Request Sent 0.000
    Zone Transfer Success 0.000

    Object: Processor

    _Total
    % Processor Time 3.905



    Can anybody help me to reduce this DNS traffic in our network?


    Thanks in advance for your valuable support.


    Regards,
    Phani kumar .B

  • #2
    Re: Reduce DNS Traffic

    Are your servers open to the Internet for DNS?

    That's a lot of recursive queries.

    Recursive queries should only happen when the client or server has no cache or information in its zone for the requested domain.

    They are very intensive queries; I'm wondering if you are being attacked.

    Check that you have "Secure cache against pollution" enabled in DNS; this will help against DNS pollution attacks.

    Try to find out where the traffic is coming from and how often; run Wireshark on the DNS server.
    MCSE 2003; MCTS Vista; Sec+; CCNA
    Attitude Makes The Difference!
    in other words you got to WANT to do it..



    • #3
      Re: Reduce DNS Traffic

      Another thought..


      Are you using root hints if no forwarder is available? Check your forwarders configuration and make sure it's working correctly, or even try a different forwarder. Using root hints will cause every non-cached lookup to be recursive, apart from zone-related lookups.
      MCSE 2003; MCTS Vista; Sec+; CCNA
      Attitude Makes The Difference!
      in other words you got to WANT to do it..
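
One way to act on the suggestion in reply #2 to find where the queries come from and how often, as an added example that is not part of any post in this thread: it ranks query sources and names from a tshark field export of a capture taken on the DNS server. The internal ranges, the file name in the comment and the sample rows are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

# Assumption: internal client ranges; replace with the site's real subnets.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample (epoch time, source IP, query name), tab-separated as in:
#   tshark -r dns.pcap -Y "dns.flags.response == 0" -T fields \
#          -e frame.time_epoch -e ip.src -e dns.qry.name
_ROWS = [
    ("1254904260.0", "192.168.1.25", "mail.example.com"),
    ("1254904260.5", "192.168.1.40", "wpad.example.com"),
    ("1254904261.0", "192.168.1.40", "wpad.example.com"),
    ("1254904261.5", "192.168.1.40", "wpad.example.com"),
    ("1254904262.0", "203.0.113.9", "example.org"),
    ("1254904262.5", "192.168.1.40", "wpad.example.com"),
    ("1254904263.0", "203.0.113.9", "example.org"),
    ("1254904263.5", "192.168.1.40", "WPAD.example.com."),
    ("1254904264.0", "192.168.1.25", "mail.example.com"),
]
SAMPLE = "\n".join("\t".join(r) for r in _ROWS) + "\nmalformed line\n"

def summarize(text, top=3):
    """Return (busiest sources, most-queried names) for a tshark field dump."""
    per_src = defaultdict(list)
    names = Counter()
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3:
            continue  # skip truncated or malformed rows
        try:
            ts, ip = float(parts[0]), ipaddress.ip_address(parts[1])
        except ValueError:
            continue  # e.g. empty ip.src on a non-IPv4 frame
        per_src[ip].append(ts)
        names[parts[2].lower().rstrip(".")] += 1  # normalise case, root dot
    if not per_src:
        return [], []
    all_ts = [t for times in per_src.values() for t in times]
    span = (max(all_ts) - min(all_ts)) or 1.0  # capture length in seconds
    report = [{"src": str(ip), "queries": len(times),
               "qps": round(len(times) / span, 2),
               "internal": any(ip in net for net in INTERNAL_NETS)}
              for ip, times in per_src.items()]
    report.sort(key=lambda r: r["queries"], reverse=True)
    return report[:top], names.most_common(top)

if __name__ == "__main__":
    sources, names = summarize(SAMPLE)
    print(sources, names, sep="\n")
```

A source marked `internal: False` answers the first question in reply #2: the server is receiving queries from outside the assumed internal ranges.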
