Re: Firewall Locks up during DNS service restart

Thanks for the information. I'm wondering if there is an OID for this information in the fw tabs -s output:

HOST       NAME         ID    #VALS  #PEAK  #SLINKS
localhost  connections  8158  25587  31530  335360

So if I have my connection limit set to 100,000, that means 800,000 SLINKS, so I must be going over that.

As far as the DNS - yes, it probably is over-taxed, but this only occurs on a DNS restart which prompts a zone reload from a root server. I can only guess that the zone reload is so massive that it locks up the box?

There are 2 UDP ports defined for ALLOW in all the rules in this firewall. The udp-dns was already set to NOT Accept replies from any port. But udp-ntp was set to Accept replies from any port and is the rule right before DNS. I made the changes they suggest and will try it tomorrow.

Thanks