dynamic dns errors in log?

Bill Manning bmanning at ISI.EDU
Sun Feb 25 11:09:22 UTC 2001


 I don't run any DHCP, just DNS.  Other goofy people are hitting my
 DNS server with update requests. I have zero control over these people,
 their networks, or their administrators.   Others may have more control
 over the environment, and then your suggestions are roughly along the
 lines suggested by Jim Reid.  Either treats the symptom, not the cause.



% 
% >  Lets see, 10,000 machines, each attempting to update my server.
% >  Sounds like a zombie DDOS to me.
% >  and a pretty serious one at that.
% 
% a) If you're running DHCP, then you can restrict updates to come only 
% from the DHCP servers, not from 10,000 DHCP clients directly. Highly 
% recommended.  You really don't want update authority spread far and wide.
% 
% b) But the above is still one DHCP server serving 10K hosts and 
% updating a single reverse zone master DNS.  So you should create 
% child zones for the 10,000 PC's such that you segment your DHCP and 
% NS authority into many zones. No single DHCP or NS server would be the 
% reverse authority for all 10,000 hosts. Highly recommended.
% 
% c) If you must use a single DHCP and DNS, you could also give the 
% PC's permanent leases and reduce the update frequency.
% 
% Len
% 
% http://BIND8NT.MEIway.com : Binary for ISC BIND 8.2.3 for NT4 & W2K
% http://IMGate.MEIway.com  : Build free, hi-perf, anti-spam mail gateways
% 
% 
% 


-- 
--bill
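Len's point (a), as an added named.conf illustration that is not from this thread or from ISC: the first zone accepts dynamic updates from anyone, the second accepts them only from a DHCP server that signs with a shared TSIG key, and the third is the case of a server that runs no DHCP at all. Zone name, file names, key name and the secret are placeholders.

```conf
// Weak: any host on the Internet may send updates for this zone,
// so thousands of stray clients can churn the zone and fill the log.
zone "2.0.192.in-addr.arpa" {
    type master;
    file "db.2.0.192";
    allow-update { any; };
};

// Corrected: only holders of the TSIG key shared with the DHCP server(s)
// may update. The secret below is a placeholder; generate a real one
// with dnskeygen (BIND 8) or dnssec-keygen (BIND 9) and keep it off
// the 10,000 clients.
key "dhcp-update-key" {
    algorithm hmac-md5;
    secret "PLACEHOLDER-REPLACE-WITH-GENERATED-SECRET==";
};

zone "2.0.192.in-addr.arpa" {
    type master;
    file "db.2.0.192";
    allow-update { key "dhcp-update-key"; };
};

// No DHCP at all (the situation above): refuse every update.
// This is BIND's default; stating it makes the intent explicit.
zone "example.net" {
    type master;
    file "db.example.net";
    allow-update { none; };
};
```

Refused updates are still logged, so with the last two settings the log entries show who is sending the stray updates without the zone ever being changed by them.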

