How to Trace "TCP Receive Error"
Mark Andrews
Mark_Andrews at isc.org
Sun Jan 6 23:43:10 UTC 2008
> I suspect the nameserver has some sort of filtering box in
> front of it that is attempting to determine if the client
> is real or spoofed. A "real" client will try TCP on seeing
> "tc" even if this is not strictly true for UDP only
> client/stacks. This then turns just about all the UDP
> queries into TCP queries. If the nameserver behind gets
> overwhelmed with TCP connections it will start sending out
> RST. Self-inflicted TCP SYN DoS. There is a reason DNS
> uses UDP in the first place.
Note: named supports "dataready" as an accept filter and has
the ability to tune the listen queue depth via named.conf.
Both of these can help minimise the impact to the server
of putting such a filtering box in front of it.
Also tuning the DNS TTL to be less than the TTL of filtering
box's state table may help if the state table's TTL gets
reset on UDP queries. If the DNS's TTL is bigger almost
all transactions will trigger the TC response.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
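As an added illustration (not part of Mark's message), the listen queue depth he mentions is set in the options block of named.conf with the `tcp-listen-queue` option; the value 64 below is an arbitrary example, chosen only to show a backlog raised above the BIND 9 default and minimum of 10, and the right number depends on how many TC-triggered TCP connections the filtering box actually pushes through:

```conf
options {
    // Depth of the TCP listen backlog for named's TCP sockets.
    // BIND 9 default and minimum is 10; 64 here is an example value,
    // not a recommendation. A deeper queue lets named absorb a burst
    // of TCP retries (from clients honouring TC) before the kernel
    // starts refusing connections with RST.
    tcp-listen-queue 64;
};
```

The "dataready" accept filter has no named.conf knob: on FreeBSD, named applies it itself via SO_ACCEPTFILTER when the accf_data kernel module is loaded (kldload accf_data, or accf_data_load="YES" in /boot/loader.conf), so the connection is only handed to named once the client has sent query data. Whether this is wanted is an operational choice for the deployment in question; the effect is simply that idle or half-open TCP connections do not consume a named accept slot.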