Can I simply set some options to block that kind of notify information
phn at icke-reklam.ipsec.nu
phn at icke-reklam.ipsec.nu
Mon May 27 16:55:28 UTC 2002
David Xiao <xiao at info.sta.net.cn> wrote:
> By the random used by some users(they use one of my DNS Servers
> registered as their slave),the cpu usage of that DNS Server is very
> high.
> Because of some historical reason,there is a large amount of such kind
> of users.
> It is nearly impossible for me to ask them to revise their dns
> registeration one by one.
Then move your domain to a new server and re-delegate your domain.
> One the other hand in order to keep my server's security, I don't want
> to accept the zone file they transfer to me.
> They often send some notify information which I found in the log file
> on that server everyday.
notify messages are "normal procedure", there is no (known) security risk
associated with them.
> Can I simply set some options to block that kind of notify information
> to reduce the CPU Load or should I setup a firewall to filter that
> kind of info.
> BTW Will that kind of filter reduce the CPU load?
Make shure you have enough memory, zero paging is allowed. If that
should not be enough to resolve the loading, change CPU to something
faster ( provided you don't have any networking problems)
Allowing someone to use a nameserver as a slave is a long-time
committment, and a trust that someone has given You.
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
More information about the bind-users
mailing list