Exceeding recursive client limit

Rich Parkin RParkin at ldmi.com
Mon Jun 13 18:52:13 UTC 2005

I'm getting hammered with recursive requests... I have no doubt that if I =
weren't limiting them, they'd consume all of the memory on my server and =
crash it.

My problem is that I am essentially experiencing Denial of Service =
anyway... Bind 9.2.2 doesn't seem to be able to recover from exceeding the =
client limit and my message log fills up with these kinds of errors after =

Jun 13 14:33:48 ns5.ldmi.com in.named[10368]: [ID 866145 daemon.warning] =
client no more recursive clients: quota reached

I'm currently limiting at 10,000 clients... last week 3,000 was plenty.  I =
have 1 GB of memory on the server... theoretically if I have 700 MB free I =
could set the client limit to 70,000 according to the DNS/BIND book... but =
should I?

I'm getting a high number of requests for non-existent domains/records, =
according to Bind 9's stats and my own observations:

success 30335
referral 691
nxrrset 5875
nxdomain 14361
recursion 153540
failure 127764

The offending IP is requesting the same domains over and over and over.  I =
assume that our customer has an infected host that's making these requests =
and they're just merrily forwarding them all my way.  Does anyone have any =
strategies for dealing with this?  Or am I just hosed and need to deny =
requests from the customer causing the issue?

Richard Parkin
Network Engineering
LDMI Telecommunications

More information about the bind-users mailing list