limiting number of requests from a single host
bind at jubileegroup.co.uk
Fri Jun 15 15:46:07 UTC 2012
On Fri, 15 Jun 2012, Holemans Wim wrote:
> ... Once or twice a day a DNS burst (20K requests/15sec) kills all
> connections on the firewall.
Have you disabled firewall connection tracking for DNS requests?
> We have 6 dns servers (bind) on our campus, that are all
> authoritative for our domains and also resolver for our campus
> hosts. Most of our clients however use our AD/LDAP/DNS Microsoft
> servers as their resolver, which on their turn contact our 6 dns
> servers for further resolving.
Could you simply run BIND resolvers for your clients and as far as
possible avoid using the Microsoft services?
> Two, has anyone already seen this type of behavior on a Microsoft
> AD/LDAP/DNS server and has a clue what could cause this stalling?
Yes, I've seen it. I suspect dropped packets might be the cause, but
I have no hard evidence. My solution was to use BIND instead. :)
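To make the "disable connection tracking for DNS" suggestion concrete, here is an added example (my own script, not from the thread or from BIND) for a Linux firewall using iptables: it reports how full the conntrack table is, counts "table full" kernel messages, and generates the raw-table NOTRACK rules plus the matching UNTRACKED accepts that DNS needs once it is exempt from tracking. The /proc paths and the sample log text are assumptions, and the rules are written for UDP/53 only.

```shell
#!/bin/sh
# Added example, not from the original post: diagnose conntrack exhaustion
# caused by DNS bursts and generate NOTRACK rules for UDP/53 on an iptables
# firewall. The sysctl paths and the sample log below are assumptions.

# Percentage of the conntrack table in use, from nf_conntrack_count/_max.
conntrack_usage_pct() {
    count="$1"; max="$2"
    echo $(( count * 100 / max ))
}

# Read the live values from /proc (Linux with nf_conntrack loaded).
live_conntrack_usage_pct() {
    conntrack_usage_pct \
        "$(cat /proc/sys/net/netfilter/nf_conntrack_count)" \
        "$(cat /proc/sys/net/netfilter/nf_conntrack_max)"
}

# Count "table full" events in kernel log text supplied on stdin.
# A DNS burst that fills the table shows up as a run of these lines.
count_table_full_events() {
    grep -c 'nf_conntrack: table full, dropping packet' || true
}

# Constructed sample of what dmesg looks like during such a burst.
SAMPLE_DMESG='eth0: link up
nf_conntrack: table full, dropping packet
nf_conntrack: table full, dropping packet'

# Rules that exempt DNS from connection tracking. NOTRACK belongs in the
# raw table, so these packets never consume a conntrack entry. Untracked
# packets do not match ESTABLISHED, so the filter chains need an explicit
# accept for ctstate UNTRACKED; narrow it with -s/-d to your resolvers.
dns_notrack_rules() {
    for chain in PREROUTING OUTPUT; do
        echo "iptables -t raw -A $chain -p udp --dport 53 -j NOTRACK"
        echo "iptables -t raw -A $chain -p udp --sport 53 -j NOTRACK"
    done
    for chain in INPUT FORWARD OUTPUT; do
        echo "iptables -A $chain -p udp -m multiport --ports 53" \
             "-m conntrack --ctstate UNTRACKED -j ACCEPT"
    done
}

case "${1:-}" in
    --report) echo "conntrack usage: $(live_conntrack_usage_pct)%"
              echo "table-full events: $(dmesg | count_table_full_events)" ;;
    --apply)  dns_notrack_rules | sh ;;   # print the rules first to review
esac
```

Run with `--report` to see whether the table actually fills during a burst before changing anything; without arguments the script only defines the functions.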