selecttest tool

JINMEI Tatuya / 神明達哉 Jinmei_Tatuya at isc.org
Fri Aug 15 18:02:34 UTC 2008 

At Thu, 14 Aug 2008 10:46:18 -0500,
Walter Gould <gouldwp at auburn.edu> wrote:

> I have found my problem. Your above statement "it seems to be handling a 
> high volume of queries (several thousands concurrent clients)" was right 
> on target. I decided to look more closely at the traffic that was 
> hitting our server (I know our number of recursive clients didn't use to 
> be in the thousands).
> 
> Using dnstop (a pretty useful tool) and tcpdump, we found that 4 spam 
> filtering servers we have on campus were performing many, many thousands 
> of recursive lookups against our primary DNS server. While this was 
> happening during the peak hours (9am to 3pm) our DNS server couldn't 
> keep up with the recursive requests. Unintentionally, it was being DoS'd.
> 
> Once we notified the admin's who maintains these spam filtering servers 
> that they were overloading our server, they changed their servers to 
> distribute DNS resolution across two or three other campus DNS servers 
> as well as the primary server that I admin. Since they have done that, 
> performance on our primary server has been much better and the number of 
> recursive clients has been in the 60-100 range.
> 
> I have to believe that they changed their DNS settings to point 
> primarily to our server about the same time that the Kaminsky 
> vulnerability was released. I know before that time frame, we never had 
> an issue with high numbers of recursive clients.
> 
> Thank you Jinmei and the others on the BIND mailing list for your help 
> in trying to diagnose and solve my problem. I am sorry to have bothered 
> you all when it was really a "me" problem. ISC - you guys rock. Keep up 
> the great work!!

You're welcome.  I'm glad to hear it worked.

Just FYI: according to the above problem description, I guess most of
the "DoS" queries resulted in bogus results, many of which are
timeouts.  If so, beta versions should work even better (along with
its other performance enhancements) since it aborts time-consuming
queries while the number of concurrent queries exceeds a quota.  So,
you may want to take a closer look at it once these versions are
sufficiently stabilized.

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.

More information about the bind-users mailing list