bind918 malfunction?
Ondřej Surý
ondrej at isc.org
Sat Sep 7 20:27:14 UTC 2024
Hey everyone,
thanks for bringing this up to our attention.
I would ask - if you have specific examples of domain names that fail to resolve with cold cache, please either record them to the issue that Thomas filled: https://gitlab.isc.org/isc-projects/bind9/-/issues/4921 or send them here. It would help us to look how we can change the limits in a way that it doesn’t hurt legitimate traffic, but limit the impact of malicious actors.
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
> On 7. 9. 2024, at 9:53, Andreas S. Kerber via bind-users <bind-users at lists.isc.org> wrote:
>
> Am Fri, Sep 06, 2024 at 09:27:21PM +0200 schrieb Ondřej Surý:
>> Anyway - since you are hitting the 32 limit, perhaps bumping the limit to 100 (the value before) would help in your case? I am guessing the resolver is being used for a limited set of clients and the chance of this specific abuse is quite low.
>>
>> https://bind9.readthedocs.io/en/v9.18.29/notes.html#notes-for-bind-9-18-29
>
> Hi,
>
> FYI our MTA rejection rate went up since updating from 9.18.28 to 9.18.29.
> We're still troubleshooting and consider raising the limit back to 100.
>
> Here's a list of PTRs which you might be interested in.
> If the resolver cache is flushed, some of these names fail to resolve (SERVFAIL) at first and after wating a bit the names start to resolve. At least some of these names seem quite legitimate and I can't say if each of their zone setup is the culprit or the recursion limit is simply to low.
>
> 81.92.89.120.in-addr.arpa
> 254.29.9.128.in-addr.arpa
> 155.231.35.129.in-addr.arpa
> 193.115.9.154.in-addr.arpa
> 187.122.9.154.in-addr.arpa
> 251.161.92.159.in-addr.arpa
> 226.162.92.159.in-addr.arpa
> 74.34.71.161.in-addr.arpa
> 243.35.71.161.in-addr.arpa
> 161.36.71.161.in-addr.arpa
> 152.113.247.162.in-addr.arpa
> 55.239.235.168.in-addr.arpa
> 116.224.82.172.in-addr.arpa
> 196.123.96.176.in-addr.arpa
> 5.25.220.185.in-addr.arpa
> 155.86.58.185.in-addr.arpa
> 222.86.58.185.in-addr.arpa
> 116.111.104.194.in-addr.arpa
> 105.208.11.194.in-addr.arpa
> 113.228.181.194.in-addr.arpa
> 64.255.37.194.in-addr.arpa
> 180.47.162.205.in-addr.arpa
> 21.81.63.212.in-addr.arpa
> 80.144.171.213.in-addr.arpa
> 200.101.118.23.in-addr.arpa
> 208.55.247.37.in-addr.arpa
> 158.201.74.41.in-addr.arpa
> 158.205.74.41.in-addr.arpa
> 133.76.21.64.in-addr.arpa
> 181.147.118.82.in-addr.arpa
> 182.147.118.82.in-addr.arpa
> 149.116.187.90.in-addr.arpa
> 140.248.184.91.in-addr.arpa
> 64.224.198.91.in-addr.arpa
> 145.116.53.92.in-addr.arpa
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20240907/17a10a6d/attachment.htm>
More information about the bind-users
mailing list