[ednog] DNS server monitoring

Clark Gaylord cgaylord at cns.vt.edu
Wed Nov 30 09:49:54 EST 2005

At 17:11 -0800 11/28/2005, Mark Boolootian wrote:

>>>The one caveat to this is that dedicated syslog servers that don't run
>>>any traffic-generating applications end up having their MAC address aged
>>>out of the forwarding tables of the L2 gear, and your syslog traffic ends
>>>up flooded to everyone in the same broadcast domain.

Our standard network config avoids this problem entirely: we use port 
security to only learn a single MAC address on user ports, clearing on 
link down.  Forwarding entries are then "static" as long as link state 
is preserved and hence do not age out.  This also prevents overrunning 
switch CAM tables, and is altogether a Good Thing.  For switch models 
that do not support the clear-on-link-down feature (nearly everyone has 
the "learn up to a specified number of static entries" feature), we run 
a trap handler that clears forwarding tables when it receives link-down 
traps; implementation of this is left as an exercise but is 


More information about the ednog mailing list