
Problems with RPZ demo: NS db_find() failed: quota reached

JMurray

We enabled RPZ in "LogOnly (Disabled)" mode at:

Mar 11 09:06:17 192.168.0.1 named[10152]: zone malware.rpz.infoblox.local/IN: Transfer started.

Before we enabled RPZ our Recursive Quota stats looked something like this:

Mar 11 09:05:16 192.168.0.1 named[21378]: Recursion client quota: used/max/soft-limit/s-over/hard-limit/h-over = 245/830/0/0/1000/0
Mar 11 09:06:09 192.168.0.1 named[21378]: Recursion client quota: used/max/soft-limit/s-over/hard-limit/h-over = 182/830/0/0/1000/0

After RPZ was running for a few minutes our Recursive Quota stats looked like this:

Mar 11 09:11:15 192.168.0.1 named[10152]: Recursion client quota: used/max/soft-limit/s-over/hard-limit/h-over = 1000/1000/0/0/1000/20171
Mar 11 09:16:22 192.168.0.1 named[10152]: Recursion client quota: used/max/soft-limit/s-over/hard-limit/h-over = 984/1000/0/0/1000/39953
Mar 11 09:21:22 192.168.0.1 named[10152]: Recursion client quota: used/max/soft-limit/s-over/hard-limit/h-over = 997/1000/0/0/1000/60788
Mar 11 09:26:22 192.168.0.1 named[10152]: Recursion client quota: used/max/soft-limit/s-over/hard-limit/h-over = 1000/1000/0/0/1000/83541

Yes, the 1000 in there means we maxed out the recursive name server and started dropping DNS queries, which are logged like this:

Mar 11 09:17:53 192.168.0.1 named[10152]: client 192.168.55.251#13374 (p52-buy.itunes.apple.com): rpz NSIP rewrite p52-buy.itunes-apple.com.akadns.net via p52-buy.itunes-apple.com.akadns.net unrecognized NS db_find() failed: quota reached

Support has asked us to bump up the max quota from 1000 to 2000 to solve the problem. Has anyone else run into this issue when enabling RPZ?

Re: Problems with RPZ demo: NS db_find() failed: quota reached

Simonau

What NIOS version are you using?

Re: Problems with RPZ demo: NS db_find() failed: quota reached

TomNelson

Did this get resolved? I am seeing the following in our syslog after enabling RPZ feeds:

Recursion client quota: used/max/soft-limit/s-over/hard-limit/h-over/low-pri = 1634/4000/3900/637344/4000/303514/1629


I currently have our IB 1410 recursive clients setting at 4000 and it has been running fine.

Is this normal behavior to be that absurdly high after enabling RPZ feeds?

I am running NIOS 8.1.6
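
An added example (not part of the thread and not Infoblox code): a small Python parser for the "Recursion client quota" syslog lines quoted in the posts above, which flags samples where used is close to hard-limit or where h-over has grown since the previous sample from the same named process. It assumes h-over is a cumulative counter that restarts with each named PID, as the quoted samples suggest; the function names and the 0.95 ratio are choices made for this example.

```python
import re

# Field names are read from the log line itself, so the 6-field form and the
# 7-field form (with low-pri) both parse.
QUOTA_RE = re.compile(r"Recursion client quota: (?P<names>[\w/-]+) = (?P<values>[\d/]+)")
PID_RE = re.compile(r"named\[(\d+)\]")

def parse_quota(line):
    """Return the quota fields of one syslog line as a dict, or None."""
    m = QUOTA_RE.search(line)
    if not m:
        return None
    names = m["names"].split("/")
    values = m["values"].split("/")
    if len(names) != len(values) or not all(values):
        return None
    rec = dict(zip(names, map(int, values)))
    pid = PID_RE.search(line)
    rec["pid"] = int(pid.group(1)) if pid else None
    return rec

def saturation_findings(lines, ratio=0.95):
    """Return samples where used is near hard-limit or h-over has grown.

    Assumption: h-over is cumulative and starts at 0 with each named process.
    """
    last_h_over = {}
    findings = []
    for line in lines:
        rec = parse_quota(line)
        if rec is None:
            continue
        delta = rec["h-over"] - last_h_over.get(rec["pid"], 0)
        last_h_over[rec["pid"]] = rec["h-over"]
        near_limit = rec["hard-limit"] > 0 and rec["used"] >= ratio * rec["hard-limit"]
        if near_limit or delta > 0:
            findings.append({"pid": rec["pid"], "used": rec["used"],
                             "hard-limit": rec["hard-limit"], "h_over_delta": delta})
    return findings

# Lines copied from the first post in this thread.
SAMPLE = [
    "Mar 11 09:06:09 192.168.0.1 named[21378]: Recursion client quota: used/max/soft-limit/s-over/hard-limit/h-over = 182/830/0/0/1000/0",
    "Mar 11 09:11:15 192.168.0.1 named[10152]: Recursion client quota: used/max/soft-limit/s-over/hard-limit/h-over = 1000/1000/0/0/1000/20171",
    "Mar 11 09:16:22 192.168.0.1 named[10152]: Recursion client quota: used/max/soft-limit/s-over/hard-limit/h-over = 984/1000/0/0/1000/39953",
]

if __name__ == "__main__":
    for finding in saturation_findings(SAMPLE):
        print(finding)
```

The h_over_delta value per sample is more useful for alerting than the raw h-over figure, because the raw counter only ever grows while the process is up.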
