Marten Lehmann wrote:
> Hello,


> sometimes strange DNS-errors occur in my system of firewalled webservers
> and firewalled caching-nameservers. For example: A webserver needs to
> lookup a domain name for a mysql-server and gets a "host not found".
> Some minutes later, everything works fine again. Same for mailservers.
> Our caching nameservers are running with query-source * 53. Is it
> possible that this is a bottleneck? Could bind resolve queries more
> reliably if it can use random ports for every query? How can I run a
> test under heavy load to reproduce this behaviour?


As discussed before, "query-source * 53" is not a good idea. Better
make your firewalls intelligent enough to understand state and
allow nameservers to ask queries via their default port.

> Regards
> Marten



--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but I'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
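
The stateful filtering recommended in the reply above, as an added example that is not part of the original thread: it assumes the caching nameserver runs on Linux with iptables and the conntrack match, and `CLIENT_NET`, `IPT` and `dns_cache_rules` are hypothetical names chosen here.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Linux iptables + conntrack.
# With these rules in place, named.conf no longer needs
#     query-source address * port 53;
# so named can send each query from an unprivileged source port.

IPT="${IPT:-iptables}"                    # set IPT=echo for a dry run that prints the rules
CLIENT_NET="${CLIENT_NET:-192.0.2.0/24}"  # constructed value (documentation range)

dns_cache_rules() {
    for proto in udp tcp; do
        # Outbound queries to authoritative servers, from any source port.
        "$IPT" -A OUTPUT -p "$proto" --dport 53 \
            -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT || return 1
        # Only replies matching a tracked outbound query are let back in.
        "$IPT" -A INPUT -p "$proto" --sport 53 \
            -m conntrack --ctstate ESTABLISHED -j ACCEPT || return 1
        # Queries from internal clients (webservers, mailservers) to this cache.
        "$IPT" -A INPUT -p "$proto" -s "$CLIENT_NET" --dport 53 \
            -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT || return 1
        # Answers from this cache back to those clients.
        "$IPT" -A OUTPUT -p "$proto" -d "$CLIENT_NET" --sport 53 \
            -m conntrack --ctstate ESTABLISHED -j ACCEPT || return 1
    done
}
```

Run `IPT=echo` with `dns_cache_rules` first to review the rules, then call it as root with the real `CLIENT_NET` to append them.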