question about caching of lame servers

Kevin Darcy kcd at daimlerchrysler.com
Mon Oct 16 21:25:11 UTC 2006


Klaus Darilion wrote:
> Hi Tatuya!
>
> Thanks for your answers.
>
> JINMEI Tatuya / 神明達哉 wrote:
>   
>>> Further, I not only want to cache lame name servers, but also name 
>>> servers which are down. Is this possible?
>>>       
>> Not exactly, but the fact that a server is down is cached as
>> a penalized RTT, which makes that server less preferred in subsequent
>> server selection.
>>     
>
> Penalized RTT works fine if at least one authoritative name server is 
> working, but if all authoritative name servers are down, then this is no 
> help.
>
> Maybe I should describe the cause of my question. I am using openser as 
> SIP proxy. openser is multi threaded (fixed number of threads) and uses 
> libresolv for domain resolving. Thus, if openser resolves a domain with 
> broken name servers (either by network problems or by intention (DoS 
> attack)), openser's thread is busy until a timeout happens.
>
> This can be easily used to make a DoS attack. Probably the best solution 
> would be to use asynchronous DNS in openser, but this will not be 
> implemented soon.
>
> Do you know a solution to solve this problem in the recursive name server?
>   
What's the difference between a "down" nameserver and one that's simply 
taking a long time to respond, from a resolver's point of view? In 
practice, not a whole lot.

Perhaps the interim solution is to tune openser's lookup timeout-retry 
parameters.

                                                                         
                            - Kevin



More information about the bind-users mailing list