I'm having thousands of queries a domain isc.org and this increases my cpu percentage to 100%. That may be happening and how I can control this? is an attack? attachment of the log I made an update to version 9.9.2-P2 as recommended but still conti...
Phil Mayers
p.mayers at imperial.ac.uk
Tue Apr 16 13:34:32 UTC 2013
On 16/04/13 14:28, Denis Laventure wrote:
>> Instead of blocking the source (which aren't even real - they're
>> spoofed) why not just block access to your recursive resolver on port 53.
>
> I need my DNS server to resolve for my authoritative domain, I have 30+ domains here I can't block acces to port 53.
(replying on-list for posterity)
Ah, it's a shared auth/recursive. In which case that's probably the best
you can do. Just be aware these IPs are probably spoofed - they are the
victims - so you should have some process to expire them over time.
FWIW this is one reason not to mix auth/recursive on the same server; it
tempts you to use the same IP.
More information about the bind-users
mailing list