DoS after routing problem

Paul v. Empelen tar.gz at non-existent.net
Tue Nov 30 10:29:21 UTC 1999


Hi All,

We recently had a strange problem here:
When we started BIND, the server was using 100% CPU load after about 
two minutes. Most DNS requests timed out, even requests for authoritative
domains. I tried everything, even downgrading from V8 to V4, but
the problem still came back.

It appeared that the cause was very simple. The DNS could not resolve the
U.S. sites because of a routing problem. I don't know what exactly happens, 
but I guess that BIND has a limit on the number of unanswered requests or so, 
and it stopped responding.

Finally, I found a quick fix and forwarded all requests to a DNS in another AS
(using forwarders). This solved the problem.

Now I was wondering if I can prevent the nameserver from hanging itself up.
If it can't reach some DNS servers, that's fine. The users can't reach those 
sites anyway. What I don't like is that even local domains are not resolvable
anymore.

Any help is welcome.

Paul.


