Interoperability with QIP
Tom Limoncelli
tal at plts.org
Tue Jan 11 02:07:44 UTC 2000
QIP is a DNS server that has pre-standard support for IXFR (they don't
claim that it will talk to anything but another QIP servers until the
standard is final and they update the software).
No problem... BIND users can just disable IXFR for zone transfers to
QIP servers.
However, when they do that QIP connects, gets rejected, and only
half-closes the connection. As a result, the BIND server accumulates
tons of FIN_WAIT_1 connections. Eventually the kernel table will fill
and the machine will crash.
It looks like a denial of service attack.
I called the QIP folks and they said that the problem doesn't exist in
BIND 8.1.* but I'm not really interested in downgrading.
Any suggestions?
Some details:
The zone transfers are:
Master: BIND 8.2.2-P5
Slave: QIP 5.0 build 12.
--tal
--
Tom Limoncelli -- http://mars.superlink.net/user/tal -- tal at plts.org
"Cautious, careful people, always casting about to preserve their reputation
and social standing, can never bring about a reform." Susan B Anthony
More information about the bind-workers
mailing list