dynamic dns errors in log?
Len Conrad
LConrad at Go2France.com
Sun Feb 25 10:38:17 UTC 2001
> Let's see, 10,000 machines, each attempting to update my server.
> Sounds like a zombie DDOS to me.
> and a pretty serious one at that.

a) If you're running DHCP, then you can restrict updates to come only
from the DHCP servers, not from 10,000 DHCP clients directly. Highly
recommended. You really don't want update authority spread far and wide.

b) But the above is still one DHCP server serving 10K hosts and
updating a single reverse zone master DNS. So you should create
child zones for the 10,000 PCs such that you segment your DHCP and
NS authority into many zones. No single DHCP or NS server would be the
reverse authority for all 10,000 hosts. Highly recommended.

c) If you must use a single DHCP and DNS, you could also give the
PCs permanent leases and reduce the update frequency.

Len
http://BIND8NT.MEIway.com : Binary for ISC BIND 8.2.3 for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-spam mail gateways
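
Points (a) and (b) of the reply above, sketched as a BIND `named.conf` fragment. This is an added example, not configuration from the original post; every address, ACL name, zone name and file name in it is a constructed placeholder.

```conf
// Added example. All addresses, ACL names, zone names and file names
// below are constructed placeholders.

// One DHCP server per segment; the clients themselves are never listed.
acl "dhcp-seg1" { 10.1.0.2; };
acl "dhcp-seg2" { 10.2.0.2; };

// Weak setting, shown commented out: every client in the range holds
// update authority over the whole reverse zone.
// zone "10.in-addr.arpa" {
//     type master;
//     file "db.10";
//     allow-update { 10.0.0.0/8; };
// };

// Parent reverse zone: static. It delegates the child zones with NS
// records in db.10 instead of holding the PTR records itself.
zone "10.in-addr.arpa" {
    type master;
    file "db.10";
    allow-update { none; };
};

// Child zones: each accepts updates only from its own segment's DHCP
// server. In the layout described in (b) each child would be mastered on
// a different name server; they share one file here only for brevity.
zone "1.10.in-addr.arpa" {
    type master;
    file "db.10.1";
    allow-update { "dhcp-seg1"; };
};

zone "2.10.in-addr.arpa" {
    type master;
    file "db.10.2";
    allow-update { "dhcp-seg2"; };
};
```

These ACLs match only on the source address of the update, so they narrow who may update each zone but do not authenticate the sender.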