thousands of RFails bring nameserver down

Ladislav Vobr lvobr at ies.etisalat.ae
Tue Jul 29 03:19:46 UTC 2003


wolf,

    if you look back in the bind-ml archive you will find some posts 
from me with a similar problem, it's a general problem of recursive 
nameservers, they might be over-utilized by retrying to bring an answer 
for recursive requests. You have to live with it, you can blackhole 
the client, or you can set up a master zone for that queried domain with 
a very high TTL (not years :-) ) and answer the request, which should be 
cached in the originating nameserver, I am not sure if this is completely 
legal but it saved my "life" :-) several times. You can as well mark it 
bogus and avoid the queries to the remote nameserver to be retried. In 
my case I am trying to separate the recursive and nonrecursive dns 
services so not everything is impacted when the recursive servers have to 
do a lot of work. You can as well use some load balancers or l4-7 
switches, some of them can filter the traffic on dns level and avoid 
such traffic reaching your dns even if it is distributed. You can as 
well use some tools to monitor dns traffic and script some tools to do 
the blocking/blackholing automatically.

Hope you will still read this since I have missed 2-3 months in the 
mailing list and have to catch up now :-)

Ladislav


wolf_qwert wrote:

>Hi,
>
>I am running a bind8 nameserver and have a problem with thousands of
>queries to my  nameserver for a nameserver that currently seems to be
>down. During the last hour the RFail count went up 698202! My
>nameserver gets the queries from one client (and my problem is, that I
>don't have access to this client) and starts to send every query out -
>waits for the timeout and tries again. In the end the server sends the
>query back unanswered to the client as it should. The result is that
>the CPU is at 100% and no normal query gets answered in an acceptable
>time. Now I have 3 questions:
>1. Is there no way to tell the named to cache the information that the
>nameserver is currently not answering?
>2. Should not the client store the information that the server is not
>available?
>3. Is there a client that is known for sending thousands of queries if
>it gets no correct answer?
>Any hints are welcome!
>
>  
>
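
The last suggestion in the reply above (monitor DNS traffic and script the blackholing), sketched as an added example; it is not code from either poster. The query-log line format, the threshold and the ACL name "flooders" are assumptions, and the log lines are constructed.

```python
import re
from collections import Counter

# Assumed query-log shape ("client IP#port: query: NAME IN TYPE");
# adjust the regex to whatever your named actually writes.
QUERY_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+.*?query: (?P<name>\S+) IN (?P<type>\S+)"
)

def zone_guess(name, labels=2):
    """Crude zone guess: the last `labels` labels of the query name."""
    parts = name.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])

def find_floods(lines, threshold):
    """Return {(client_ip, zone): count} for pairs at or above threshold."""
    counts = Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if m:  # non-query log lines are ignored
            counts[(m.group("ip"), zone_guess(m.group("name")))] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

def flooder_acl(floods, acl_name="flooders"):
    """Render a named.conf acl for review; empty string if nothing flagged.

    The acl name is hypothetical. It takes effect only when referenced
    from the existing options block: blackhole { "flooders"; };
    """
    ips = sorted({ip for ip, _zone in floods})
    if not ips:
        return ""
    body = "".join(f"    {ip};\n" for ip in ips)
    return f'acl "{acl_name}" {{\n{body}}};\n'

# Constructed sample: one client hammering a dead zone, one normal client.
SAMPLE_LOG = (
    ["client 192.0.2.10#4001: query: host%d.dead.example IN A" % i
     for i in range(500)]
    + ["client 198.51.100.7#5300: query: www.example.org IN A"] * 3
    + ["named[123]: unrelated log line"]
)

if __name__ == "__main__":
    floods = find_floods(SAMPLE_LOG, threshold=100)
    for (ip, zone), n in sorted(floods.items()):
        print(f"{ip} sent {n} queries for {zone}")
    print(flooder_acl(floods))
```

Counting per client and zone keeps a busy but legitimate resolver client from being flagged just for total volume; the generated acl is meant to be reviewed before named is reloaded.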


