Bind vs flood
Peter Andreev
andreev.peter at gmail.com
Thu Feb 27 07:51:25 UTC 2014
Hi Dmitry,
If your problem is a lot of strange queries, then there is two ways:
1. You operate an open resolver. If you can - restrict it to a limited
scope of clients, otherwise the only way you can lower number of incoming
queries is DPI;
2. You operate a non-open resolver. Then you can find who sending these
queries and ask them to stop.
2014-02-27 9:59 GMT+04:00 Dmitry Rybin <kirgudu at corbina.net>:
> Over 2 weeks ago begins flood. A lot of queries:
>
> niqcs.www.84822258.com
> vbhea.www.84822258.com
> abpqeftuijklm.www.84822258.com
> adcbefmzidmx.www.84822258.com
> and many others.
>
> Bind answers with "Server failure". On high load (4 qps) all normal client
> can get Servfail on good query. Or query can execute more 2-3 second.
>
> Recursion clients via "rnds status" 300-500.
>
> I can try to use rate limit:
> rate-limit {
> nxdomains-per-second 10;
> errors-per-second 10;
> nodata-per-second 10;
> };
> I do not see an any improvement.
>
> Found one exit in this situation, add flood zones local.
>
> What can we do in this situation?
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
--
Is there any problem Exterminatus cannot solve? I have not found one yet.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20140227/2dbedb1c/attachment.html>
More information about the bind-users
mailing list