question about caching of lame servers
Kevin Darcy
kcd at daimlerchrysler.com
Mon Oct 16 21:25:11 UTC 2006
Klaus Darilion wrote:
> Hi Tatuya!
>
> Thanks for your answers.
>
> JINMEI Tatuya / 神明達哉 wrote:
>
>>> Further, I not only want to cache lame name servers, but also name
>>> servers which are down. Is this possible?
>>>
>> Not exactly, but the fact that a server is down is cached as
>> a penalized RTT, which makes that server less preferred in subsequent
>> server selection.
>>
>
> Penalized RTT works fine if at least one authoritative name server is
> working, but if all authoritative name servers are down, then this is no
> help.
>
> Maybe I should describe the cause of my question. I am using openser as
> SIP proxy. openser is multi threaded (fixed number of threads) and uses
> libresolv for domain resolving. Thus, if openser resolves a domain with
> broken name servers (either by network problems or by intention (DoS
> attack)), openser's thread is busy until a timeout happens.
>
> This can be easily used to make a DoS attack. Probably the best solution
> would be to use asynchronous DNS in openser, but this will not be
> implemented soon.
>
> Do you know a solution to solve this problem in the recursive name server?
>
What's the difference between a "down" nameserver and one that's simply
taking a long time to respond, from a resolver's point of view? In
practice, not a whole lot.
Perhaps the interim solution is to tune openser's lookup timeout-retry
parameters.
- Kevin
More information about the bind-users
mailing list