minimize impact of NXDOMAIN queries
Joe Shen
joe_hznm at yahoo.com.sg
Fri May 27 01:29:45 UTC 2005
I take your advice and overlook the continuous
NXDOMAIN in our DNS cache server in past days. But, I
noticed an sharp increase of CPU load last night(user
CPU time increase from 3.5% to 60.48%). At the same
time, successful resolution decrease abruptly(from
90k/5min to 16k/min), the NXDOMAIN request increase
from about 3k/5min to 16.52k/5min, failed queries
increase from 1.91k/5min to 25k/5min.
The phenomon last about 2 hours which generate a step
in our monitoring graph. I take it a obvious DoS
attack.
So, is there a way to defense such type of attack?
Joe
--- Brad Knowles <brad at stop.mail-abuse.org> wrote:
> At 11:35 AM +1000 2005-05-18, Mark Andrews wrote:
>
> > What's the problem. 78 nxdomain/sec is not a
> lot.
>
> Correct. Ancient Pentium-133 laptops with 48MB of
> RAM and
> originally shipped with a 1GB hard drive
> (state-of-the-art about ten
> years ago), running BIND-9 on reasonably recent
> versions of FreeBSD
> can easily sustain query rates much higher than
> this. More modern
> machines should be able to easily sustain query
> rates into the
> thousands of queries per second.
>
> --
> Brad Knowles, <brad at stop.mail-abuse.org>
>
> "Those who would give up essential Liberty, to
> purchase a little
> temporary Safety, deserve neither Liberty nor
> Safety."
>
> -- Benjamin Franklin (1706-1790), reply of the
> Pennsylvania
> Assembly to the Governor, November 11, 1755
>
> SAGE member since 1995. See
> <http://www.sage.org/> for more info.
>
__________________________________________________
Do You Yahoo!?
Log on to Messenger with your mobile phone!
http://sg.messenger.yahoo.com
More information about the bind-users
mailing list