named running wild

Mark_Andrews at isc.org Mark_Andrews at isc.org
Sat Feb 2 09:39:12 UTC 2002 

	BIND 8.3.1 will be out RSN to address this.  It's responding
	badly to this misconfiguration.

1324.   [bug]           certian bad delegations could result in a DNS storm.

	Mark

> I've got an odd situation.
> 
> I'm running bind 8.3.0 on several FreeBSD machines.  I frequently notice
> that named is running a lot more than usual -- normally, when running
> "top", it's using less than 1% of available CPU, but at these odd times,
> I'll see it using 5-15% instead. 
> 
> Whenever I see this happening, I've sent named a USR1 and watched the
> named.run file.  I'll see the following:
> 
> sysquery: send -> [192.35.51.30].53 dfd=4 nsid=3931 id=0 retry=1012062621
> datagram from [192.31.80.30].53, fd 4, len 136
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65248
> ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
> ;;      ns3.yourlasthost.com.AikensLaughs.com, type = A, class = IN
> AikensLaughs.com.       2D IN NS        NS2.YOURLASTHOST.com.
> AikensLaughs.com.       2D IN NS        NS1.YOURLASTHOST.com.
> NS2.YOURLASTHOST.com.   2D IN A         216.98.138.176
> NS1.YOURLASTHOST.com.   2D IN A         209.126.152.210
> update failed AikensLaughs.com 2
> resp: nlookup(ns3.yourlasthost.com.AikensLaughs.com) qtype=1
> resp: found 'ns3.yourlasthost.com.AikensLaughs.com' as 'AikensLaughs.com' (c
> name
> =0)
> 
> 
> I end up seeing dozens of these per second.  If I restart named,
> the problem goes away for a couple hours.
> 
> All I need to do to start the problem running again is to do a 
> "host AikensLaughs.com".
> 
> I ended up putting the following in my named.conf:
> 
> 
> server 216.98.138.176 {
>         bogus yes;
> };
> server 209.126.152.210 {
>         bogus yes;
> };
> 
> 
> Now I can't look up that domain, (which is fine with me!), and it
> appears to make the problem go away.
> 
> I don't recall having any problems like this before I upgraded to
> 8.3.0.
> 
> I'm assuming that there's something wrong with the config of the
> servers at YOURLASTHOST.com.  Running doc against AikensLaughs.com
> seems to find some problems.
> 
> My real question is, even if something is broken over there, should I
> be having this problem at my end?  It looks to me as if named gets
> stuck in a loop trying to resolve this domain.  Is adding broken
> name servers to my config something I'll just need to get used to 
> doing?
> 
> If I've not explained things well enough, let me know.
> 
> -Bill
> 
> 
> --
> Bill O'Hanlon                                                   wmo at pro-ns.n
> et
> Professional Network Services, Inc.                             612-379-3958
> http://www.pro-ns.net
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org

More information about the bind-users mailing list