No subject


Tue Apr 2 00:56:56 UTC 2013


keeps sending the DNS query.

If this is not some programming error, I might consider this to be
some kind of Denial-of-Service attack.

To keep the health of our DNS server, we could do nothing but use the
BIND ACL by putting the suspected query sites into the Bogus list.

BTW, we also found another kind of DNS query (or attack?) being
issued continuously.
- Some user program keeps sending DNS queries to some remote IP addr.
  WITHOUT the corresponding PTR RR defined.

That makes the CPU load go high, too.

It seems that BIND 8.x has implemented the Negative Cache feature.
I wonder why the NCache feature could NOT take care of this.
Is there something special?


Anyway, here is one example concerning zero TTL entries.
---------------------------------------------------------
ns1% dig www.hchs.tpc.edu.tw

; <<>> DiG 8.3 <<>> www.hchs.tpc.edu.tw
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; QUERY SECTION:
;;      www.hchs.tpc.edu.tw, type = A, class = IN

;; ANSWER SECTION:
www.hchs.tpc.edu.tw.    15m14s IN CNAME  proxy.hchs.tpc.edu.tw.
proxy.hchs.tpc.edu.tw.  3m27s IN A      163.20.20.129

;; AUTHORITY SECTION:
hchs.tpc.edu.tw.        0S IN NS        dns.hchs.tpc.edu.tw.

;; ADDITIONAL SECTION:
dns.hchs.tpc.edu.tw.    0S IN A         163.20.20.1

;; Total query time: 16 msec
;; FROM: ns1 to SERVER: default -- 127.0.0.1
;; WHEN: Fri Apr 21 16:20:12 2000
;; MSG SIZE  sent: 37  rcvd: 122

-- 
*  Joe. C.S.Chen, cschen at cc.nctu.edu.tw
   Computer & Network Center of National Chiao Tung University, Taiwan
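
Added example, not part of the original message: a small Python parser for the dig 8.x record lines shown above that converts TTLs such as "15m14s" or "0S" to seconds and lists the zero-TTL records a caching server has to re-fetch on every lookup. The function names and the SAMPLE constant are assumptions made for this sketch; SAMPLE is the record data copied from the dig output in the message.

```python
import re

# Constructed sample: the record sections copied from the dig output in the message.
SAMPLE = """\
;; ANSWER SECTION:
www.hchs.tpc.edu.tw.    15m14s IN CNAME  proxy.hchs.tpc.edu.tw.
proxy.hchs.tpc.edu.tw.  3m27s IN A      163.20.20.129

;; AUTHORITY SECTION:
hchs.tpc.edu.tw.        0S IN NS        dns.hchs.tpc.edu.tw.

;; ADDITIONAL SECTION:
dns.hchs.tpc.edu.tw.    0S IN A         163.20.20.1
"""

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def ttl_seconds(text):
    """Convert a TTL such as '15m14s', '0S' or '3600' to seconds."""
    if text.isdigit():
        return int(text)
    parts = re.findall(r"(\d+)([smhdw])", text.lower())
    if not parts or "".join(n + u for n, u in parts) != text.lower():
        raise ValueError(f"unrecognised TTL: {text!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def parse_records(dig_output):
    """Yield (section, owner, ttl_seconds, rtype, rdata) for each RR line."""
    section = None
    for line in dig_output.splitlines():
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            section = m.group(1)
            continue
        fields = line.split(None, 4)
        if line.startswith(";") or len(fields) != 5 or fields[2] != "IN":
            continue
        owner, ttl, _cls, rtype, rdata = fields
        yield section, owner, ttl_seconds(ttl), rtype, rdata

def zero_ttl_records(dig_output):
    """Return the records whose TTL is 0 seconds (not reusable from cache)."""
    return [r for r in parse_records(dig_output) if r[2] == 0]

if __name__ == "__main__":
    for section, owner, ttl, rtype, rdata in zero_ttl_records(SAMPLE):
        print(f"{section}: {owner} {rtype} {rdata} has TTL {ttl}")
```

On this sample it reports the NS record for hchs.tpc.edu.tw. and the A record for dns.hchs.tpc.edu.tw.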


