Exceeding recursive client limit
Rich Parkin
RParkin at ldmi.com
Mon Jun 13 18:52:13 UTC 2005
I'm getting hammered with recursive requests... I have no doubt that if I weren't limiting them, they'd consume all of the memory on my server and crash it.
My problem is that I am essentially experiencing Denial of Service anyway... BIND 9.2.2 doesn't seem to be able to recover from exceeding the client limit and my message log fills up with these kinds of errors after a while:
Jun 13 14:33:48 ns5.ldmi.com in.named[10368]: [ID 866145 daemon.warning] client 12.1.83.2#44244: no more recursive clients: quota reached
I'm currently limiting at 10,000 clients... last week 3,000 was plenty. I have 1 GB of memory on the server... theoretically if I have 700 MB free I could set the client limit to 70,000 according to the DNS/BIND book... but should I?
I'm getting a high number of requests for non-existent domains/records, according to BIND 9's stats and my own observations:
success 30335
referral 691
nxrrset 5875
nxdomain 14361
recursion 153540
failure 127764
The offending IP is requesting the same domains over and over and over. I assume that our customer has an infected host that's making these requests and they're just merrily forwarding them all my way. Does anyone have any strategies for dealing with this? Or am I just hosed and need to deny requests from the customer causing the issue?
Richard Parkin
CCNA
Network Engineering
LDMI Telecommunications
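An added example, not part of the post above or of BIND itself: a small Python script that tallies the "no more recursive clients: quota reached" warnings by client address and turns the worst offenders into a named.conf ACL that refuses them recursion while leaving everyone else alone. The log line format is the Solaris syslog format quoted in the post; the extra sample lines, the second and third client addresses, the threshold of 2 warnings and the ACL name `abusive_clients` are all constructed for the example.

```python
import re
from collections import Counter

# Matches the BIND 9 warning quoted in the post. The Solaris syslog
# "[ID nnn daemon.warning]" tag is skipped over rather than required, so the
# same pattern works on a plain syslog host.
QUOTA_RE = re.compile(
    r"in\.named\[\d+\]:.*?\bclient (?P<ip>\d{1,3}(?:\.\d{1,3}){3})#\d+: "
    r"no more recursive clients: quota reached"
)

# Constructed sample log modelled on the single line in the post. The
# addresses 10.0.0.5 and 192.0.2.7 and the final "denied" line are made up
# to show that unrelated messages are ignored by the tally.
SAMPLE_LOG = """\
Jun 13 14:33:48 ns5.ldmi.com in.named[10368]: [ID 866145 daemon.warning] client 12.1.83.2#44244: no more recursive clients: quota reached
Jun 13 14:33:48 ns5.ldmi.com in.named[10368]: [ID 866145 daemon.warning] client 12.1.83.2#44245: no more recursive clients: quota reached
Jun 13 14:33:49 ns5.ldmi.com in.named[10368]: [ID 866145 daemon.warning] client 12.1.83.2#44246: no more recursive clients: quota reached
Jun 13 14:33:49 ns5.ldmi.com in.named[10368]: [ID 866145 daemon.warning] client 10.0.0.5#1053: no more recursive clients: quota reached
Jun 13 14:33:50 ns5.ldmi.com in.named[10368]: [ID 866145 daemon.warning] client 12.1.83.2#44247: no more recursive clients: quota reached
Jun 13 14:33:50 ns5.ldmi.com in.named[10368]: [ID 866145 daemon.warning] client 192.0.2.7#1024: query (cache) 'example.com/A/IN' denied
"""


def count_quota_hits(lines):
    """Return a Counter of client IP -> number of quota-reached warnings."""
    counts = Counter()
    for line in lines:
        m = QUOTA_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def top_offenders(counts, threshold):
    """Client IPs with at least `threshold` warnings, busiest first."""
    return [ip for ip, n in counts.most_common() if n >= threshold]


def render_acl(ips, acl_name="abusive_clients"):
    """Build a named.conf fragment (BIND 9 syntax) that denies the listed
    hosts recursion via a negated ACL entry, leaving other clients unchanged.
    The acl name is an assumption for this example."""
    body = "".join(f"    {ip};\n" for ip in ips)
    return (
        f'acl "{acl_name}" {{\n{body}}};\n'
        "options {\n"
        "    // refuse recursion to the listed hosts; merge into your\n"
        "    // existing options block rather than adding a second one\n"
        f"    allow-recursion {{ !{acl_name}; any; }};\n"
        "};\n"
    )


if __name__ == "__main__":
    counts = count_quota_hits(SAMPLE_LOG.splitlines())
    for ip, n in counts.most_common():
        print(f"{ip:15s} {n}")
    print(render_acl(top_offenders(counts, threshold=2)))
```

One caveat worth keeping in mind when reading the tally: the quota warning names the client that was turned away, which is only the client that filled the quota when, as in the post, one address dominates the count. If the counts are spread evenly, the quota is being exhausted by slow upstream lookups (the 127,764 failures in the stats are a hint) rather than by one abusive source, and query logging is needed to find who is asking for what.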