DoS after routing problem
Paul v. Empelen
tar.gz at non-existent.net
Tue Nov 30 10:29:21 UTC 1999
We recently had a strange problem here:
When we started BIND, the server was using 100% CPU load after about
two minutes. Most DNS requests timed out. Even requests for authoritative
domains. I tried everything, even downgrading from V8 to V4, but
the problem still came back.
It appeared that the cause was very simple. The DNS could not resolve the
U.S. sites because of a routing problem. I don't know what exactly happens,
but I guess that BIND has a limit on the number of unanswered requests or so,
and it stopped responding.
Finally, I found a quick fix and forwarded all requests to a DNS in another AS
(using forwarders). This solved the problem.
Now I was wondering if I can prevent the nameserver from hanging itself up.
If it can't reach some DNS servers, that's fine. The users can't reach those
sites anyway. What I don't like is that even local domains are not resolvable.
Any help is welcome.