limiting number of requests of a single host
stenc at s-carlsen.dk
Fri Jun 15 15:56:37 UTC 2012
On 15/06/12 16:37, Holemans Wim wrote:
> Wim Holemans
> Netwerkdienst Universiteit Antwerpen
> Network Services University of Antwerp
> One of the problems is that these firewalls are going to be replaced soon and we don't want to spend too much effort in trying to fix what seems an annoying side-effect of something caused by a DNS system.
> We actually captured dns traffic around our AD server, and there we see an average of 500 dns packets/5s in/out under normal conditions; this drops to about 100 for 20 seconds and then rises to 2000 dns packets/5sec, causing our resolving servers to send a multiple of that number of requests to the outside world, killing the firewall.
One thing that comes to mind is: have you traced outside the firewall
with e.g. wireshark and looked at what precedes the burst? I am thinking
maybe the firewall makes a stop in the packet flow that will then
trigger the flood? Possibly caused by some table in the firewall being
overflowed, maybe even with unrelated traffic.
In this case, only one solution is possible.
> We have now changed the settings on the AD server to only use 2 of the resolving servers (which have max recursive clients implemented) and checked the box saying that the AD server can do its own lookups if the forwarders are not available.
-- 
Best regards
Sten Carlsen
No improvements come from shouting: "MALE BOVINE MANURE!!!"
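As an added example (not part of Sten's reply or anything posted in this thread), the script below does the first half of what he suggests in code: it takes packet records of the kind you would export from a capture taken outside the firewall, bins them into the same 5-second buckets Wim measured in, looks for the "dip, then burst" shape (counts well below the median for at least a couple of buckets, immediately followed by a bucket far above it), and then summarises the dip buckets that precede the burst, in particular whether queries kept going out while replies stopped arriving. The record shape, the thresholds (half the median for a dip, twice the median for a burst) and all packet data are assumptions constructed for this example; the sample traffic is scaled down from the numbers in the thread and is not a real capture.

```python
"""Added example, not from the bind-users thread: detect a DNS
"dip, then burst" pattern in per-5-second packet counts and describe
the dip buckets that precede the burst. All packet data is constructed."""

from collections import defaultdict
from statistics import median
from typing import Dict, List, NamedTuple, Optional, Tuple

BUCKET = 5  # seconds; matches the 5-second bins used in the thread


class Packet(NamedTuple):
    """Minimal shape assumed for one exported packet record."""
    ts: float        # seconds since start of capture
    qname: str       # name being queried
    response: bool   # True for a reply, False for a query


def per_bucket(packets: List[Packet], bucket: int = BUCKET) -> Dict[int, List[Packet]]:
    """Group packets by fixed-width time bucket index."""
    groups: Dict[int, List[Packet]] = defaultdict(list)
    for p in packets:
        groups[int(p.ts // bucket)].append(p)
    return groups


def find_dip_then_burst(counts: List[int], dip_frac: float = 0.5,
                        burst_factor: float = 2.0, min_dip: int = 2
                        ) -> Optional[Tuple[int, int, int]]:
    """Return (dip_start, dip_end, burst_index) for the first run of at
    least min_dip buckets below dip_frac * baseline whose very next bucket
    exceeds burst_factor * baseline, or None. The baseline is the median,
    so a single dip or burst does not drag it along with it."""
    if len(counts) < min_dip + 1:
        return None
    base = median(counts)
    i = 0
    while i < len(counts):
        if counts[i] < dip_frac * base:
            j = i
            while j < len(counts) and counts[j] < dip_frac * base:
                j += 1
            # counts[i:j] is a dip; the burst must be the bucket right after it
            if j - i >= min_dip and j < len(counts) and counts[j] > burst_factor * base:
                return (i, j - 1, j)
            i = j
        else:
            i += 1
    return None


def describe_before_burst(groups: Dict[int, List[Packet]], dip_start: int,
                          dip_end: int) -> Dict[str, object]:
    """Summarise the dip buckets preceding the burst: queries out, replies
    back, and which names were asked. Queries holding up while replies
    vanish points at lost answers (and the retries that follow), not at a
    quiet network."""
    pkts = [p for b in range(dip_start, dip_end + 1) for p in groups.get(b, [])]
    queries = sum(1 for p in pkts if not p.response)
    replies = sum(1 for p in pkts if p.response)
    return {
        "queries": queries,
        "replies": replies,
        "reply_ratio": (replies / queries) if queries else 0.0,
        "names": sorted({p.qname for p in pkts}),
    }


def analyse(packets: List[Packet]) -> Dict[str, object]:
    """Bucket the capture, look for the pattern, and describe the run-up."""
    groups = per_bucket(packets)
    counts = [len(groups.get(b, [])) for b in range(max(groups) + 1)] if groups else []
    hit = find_dip_then_burst(counts)
    before = describe_before_burst(groups, hit[0], hit[1]) if hit else None
    return {"counts": counts, "pattern": hit, "before_burst": before}


def make_sample() -> List[Packet]:
    """Constructed capture (scaled down from the thread's figures): 6 normal
    buckets of 50 packets, a 4-bucket (20 s) dip of 10 queries and no
    replies, then one burst bucket of 200 queries."""
    pkts: List[Packet] = []
    names = ["ad.example.test", "mail.example.test", "www.example.test"]  # placeholders

    def fill(bucket: int, queries: int, replies: int) -> None:
        for k in range(queries):
            pkts.append(Packet(bucket * BUCKET + k * BUCKET / queries, names[k % 3], False))
        for k in range(replies):
            pkts.append(Packet(bucket * BUCKET + k * BUCKET / replies, names[k % 3], True))

    for b in range(6):
        fill(b, 25, 25)
    for b in range(6, 10):
        fill(b, 10, 0)
    fill(10, 200, 0)
    return pkts


if __name__ == "__main__":
    result = analyse(make_sample())
    print("counts per bucket:", result["counts"])
    print("dip/burst:", result["pattern"])
    print("before burst:", result["before_burst"])
```

On real data you would replace `make_sample()` with records read from the capture (for example a CSV export of frame time, query name and the QR flag) and, once the dip buckets are located, go back to the capture for exactly that window to see what the firewall did with the outstanding queries.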