dns make the network slow

Mark_Andrews at isc.org Mark_Andrews at isc.org
Wed Feb 20 21:40:01 UTC 2002

> gliu wrote:
> > 
> > so I think it tries to resolve the name from the ip
> I think so to, so add the reverse entries to your DNS, it is
> easier than trying to defang Openssh, qmail, ftpd, etc
> You'll need a 168.192.in-addr.arpa zone by the looks of it.
> Most apps just do the reverse lookup, so if you don't know some
> entries just write a script to create dummy entries for all your
> network addresses, and then over write the one's you do know.
	You don't need to populate the zone with fake entries.
	A NXDOMAIN response is enough speed thing up.

	What is happening is that the servers for 168.192.in-addr.arpa
	(and the other RFC 1918 zones) are grossly overloaded (~23k
	queries / sec) and you arn't getting a answer back.  The client
	eventually times out.  The servers above perform a sacrificial
	roll by drawing the query load away from the in-addr.arpa

Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org

More information about the bind-users mailing list