Caching nameservers dealing with dead authoritative servers

ML ml at netplus.ch
Wed Sep 15 21:18:26 UTC 2010


Hi,

I'm having a problem with my caching DNS servers. I'm on BIND 9.4.3-p5, threads enabled (4), running Gentoo 64-bit.

For 2 days, I have had some clients (mail servers receiving spam) issuing a lot of requests for a zone hosted on a dead DNS server. For example:

'uewchcvqhvnavkevhavecvbcvxevudvr.herojvesterna.com' requesttime 1284583508
'mcacghdhcdb.herojvesterna.com' requesttime 1284583515
'cacghdhcdb.herojvesterna.com' requesttime 1284583515
'lbnsxhnlpgdafmpdneieb.herojvesterna.com' requesttime 1284583521
'uewchcvqhvnavkevhavecvbcvxevudvr.herojvesterna.com' requesttime 1284583528
'obqtujppeofqwpcoeqqbbocqvphpvfo.herojvesterna.com' requesttime 1284583534
'mcacghdhcdb.herojvesterna.com' requesttime 1284583535
'cacghdhcdb.herojvesterna.com' requesttime 1284583535
;'mgjnmcoxgfmfnifmebm.herojvesterna.com' requesttime 1284583537

As the authoritative nameserver for this zone is dead, the answer is sent to the clients after some seconds. During this time the clients could do perhaps about 1000 queries on the same zone but for different records. After a moment it's like a DoS attack: my cache-only DNS server doesn't answer any query.

What could I do to limit this? Is there something to "cache" that an authoritative DNS server doesn't answer?

Regards

David
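Added here as an illustration, not part of David's post or of BIND: a small Python script that parses lines in the format of the dump excerpt above (`'name' requesttime N`), groups the outstanding lookups by parent zone, and flags zones with many different names in flight, so the zone whose authoritative server is unreachable can be spotted before the caching server stops answering. The two-label parent-zone rule, the sample lines (constructed from the excerpt plus one unrelated name), the 30-second window and the thresholds are assumptions.

```python
import re
from collections import defaultdict
# Constructed sample in the format of the dump excerpt in the post, plus one unrelated name.
SAMPLE = """\
'uewchcvqhvnavkevhavecvbcvxevudvr.herojvesterna.com' requesttime 1284583508
'mcacghdhcdb.herojvesterna.com' requesttime 1284583515
'cacghdhcdb.herojvesterna.com' requesttime 1284583515
'lbnsxhnlpgdafmpdneieb.herojvesterna.com' requesttime 1284583521
'uewchcvqhvnavkevhavecvbcvxevudvr.herojvesterna.com' requesttime 1284583528
'obqtujppeofqwpcoeqqbbocqvphpvfo.herojvesterna.com' requesttime 1284583534
'mcacghdhcdb.herojvesterna.com' requesttime 1284583535
'cacghdhcdb.herojvesterna.com' requesttime 1284583535
;'mgjnmcoxgfmfnifmebm.herojvesterna.com' requesttime 1284583537
'www.example.net' requesttime 1284583520
"""
# A leading ';' (seen on the last excerpt line) is accepted rather than treated as a comment.
LINE_RE = re.compile(r"^;?'(?P<name>[^']+)'\s+requesttime\s+(?P<ts>\d+)\s*$")

def parse_lines(text):
    """Yield (qname, unix_time) for every line that matches the format; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("name").lower().rstrip("."), int(m.group("ts"))

def parent_zone(qname, labels=2):
    """Assumption: the zone being hammered is the last two labels (no public-suffix list)."""
    return ".".join(qname.split(".")[-labels:])

def zone_stats(text, window=30):
    """Per parent zone: pending lookups, distinct names, and peak lookups in any window seconds."""
    per_zone = defaultdict(list)
    for name, ts in parse_lines(text):
        per_zone[parent_zone(name)].append((ts, name))
    stats = {}
    for zone, entries in per_zone.items():
        times = sorted(ts for ts, _ in entries)
        peak, j = 0, 0
        for i, t in enumerate(times):          # sliding window over sorted timestamps
            while t - times[j] >= window:
                j += 1
            peak = max(peak, i - j + 1)
        stats[zone] = {"pending": len(entries), "distinct": len({n for _, n in entries}), "peak": peak}
    return stats

def flag_zones(stats, min_pending=5, min_distinct=3):
    """Zones with many outstanding lookups for many different names, worst first."""
    hits = [z for z, s in stats.items() if s["pending"] >= min_pending and s["distinct"] >= min_distinct]
    return sorted(hits, key=lambda z: -stats[z]["pending"])
```

Feeding it a real dump instead of `SAMPLE` shows which zone is tying up recursion; the clients behind it can then be rate-limited or the zone's lookups throttled.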

