Question : PIX-525 high cpu uage and high DNS connection count

Hello Guys,

I administer a PIX-525 which protects the DMZ servers. One of the servers is a DNS server running BIND 8. During high traffic utilization time the CPU usage of the firewall climbs up to 80% and when I see the connection count, most are towards the DNS server. I googled on this issue and soe guys suggested that I issue the 'fixup protocol dns maximum-length 1024' command. And also I got a suggestion from some forum disbaling 'fixup protocol dns' will help.But I am not sure if that is a good idea. On the syslog there is nothing unusual log about DNS but if I remove the access-list for DNS access, the cpu usge drops down to 3-5%. What is causing the high cpu utilization when the DNS is up?

Answer : PIX-525 high cpu uage and high DNS connection count

Check routes to and from the DMZ
Try to be as specific as possible on your routes, try no to use default (0.0.0.0 0.0.0.0) routes
is ip cef enabled? This might be a worthwhile tweak.

Random Solutions

Can two users log on to one computer at the same time?

Does the web tools platform come with Eclipse 3.4 IDE for Java EE Developers?

DHCP Server stopped worked - Need help fast. URGENT

Transmission of audio signal using ER400TRS transceiver(data control executed by PIC16F876)

How to quickly search Lotus Notes for a telephone number using C#

Setup ICS through wireless NIC

create a war file with ant script

Punch down block

Windows Server 2008 drops its static IP Address and renews by DHCP

VPN error 800 unable to establish connection