I'm having thousands of queries for the domain isc.org and this increases my CPU percentage to 100%. What may be happening and how can I control this? Is it an attack? Attachment of the log. I made an update to version 9.9.2-P2 as recommended but still conti...

Phil Mayers p.mayers at imperial.ac.uk
Tue Apr 16 13:34:32 UTC 2013


On 16/04/13 14:28, Denis Laventure wrote:
>> Instead of blocking the source (which aren't even real - they're
>> spoofed) why not just block access to your recursive resolver on port 53.
>
> I need my DNS server to resolve for my authoritative domain. I have 30+ domains here, I can't block access to port 53.

(replying on-list for posterity)

Ah, it's a shared auth/recursive. In which case that's probably the best 
you can do. Just be aware these IPs are probably spoofed - they are the 
victims - so you should have some process to expire them over time.

FWIW this is one reason not to mix auth/recursive on the same server; it 
tempts you to use the same IP.
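
One way to build the expiry process mentioned in the reply above, shown as an added example that is not part of the original message: sources that flood queries for one name are blocked with a time limit, so spoofed victim addresses drop off the list on their own. The class name, threshold, TTL and log lines are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# Pulls the client address and query name out of a BIND query-log line.
QUERY_RE = re.compile(r"client ([0-9a-fA-F.:]+)#\d+.*?: query: (\S+) IN ")

BLOCK_TTL = 3600  # seconds a block lasts before it lapses (assumed value)
THRESHOLD = 3     # queries per batch that trigger a block (assumed value)

class ExpiringBlocklist:
    """Hypothetical source-IP blocklist where every entry has an expiry time."""

    def __init__(self, ttl=BLOCK_TTL):
        self.ttl = ttl
        self.expires = {}  # ip -> unix time at which the block lapses

    def observe(self, log_lines, qname, now, threshold=THRESHOLD):
        """Block sources that sent >= threshold queries for qname in this batch."""
        hits = Counter()
        for line in log_lines:
            m = QUERY_RE.search(line)
            if m and m.group(2).rstrip(".").lower() == qname:
                hits[m.group(1)] += 1
        for ip, count in hits.items():
            if count >= threshold:
                # Renewed only while the flood continues; otherwise it lapses.
                self.expires[ip] = now + self.ttl
        return hits

    def expire(self, now):
        """Drop lapsed entries; return them so the firewall rules can be removed."""
        gone = sorted(ip for ip, t in self.expires.items() if t <= now)
        for ip in gone:
            del self.expires[ip]
        return gone

    def blocked(self, now):
        """Addresses whose block is still in force at time now."""
        return sorted(ip for ip, t in self.expires.items() if t > now)

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE = (
    ["16-Apr-2013 13:30:01.100 client 192.0.2.10#4242: query: isc.org IN ANY +ED (203.0.113.5)"] * 3
    + ["16-Apr-2013 13:30:02.200 client 198.51.100.7#5353: query: isc.org IN ANY +ED (203.0.113.5)",
       "16-Apr-2013 13:30:03.300 client 198.51.100.9#6000: query: example.com IN A + (203.0.113.5)"]
)

if __name__ == "__main__":
    bl = ExpiringBlocklist()
    bl.observe(SAMPLE, "isc.org", now=0)
    print("blocked:", bl.blocked(0), "expired after TTL:", bl.expire(BLOCK_TTL))
```

The list returned by `expire()` is what a periodic job would use to delete the matching firewall rules.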

