*all* servers for domain unreachable - bind bottleneck
Ladislav Vobr
lvobr at ies.etisalat.ae
Tue May 18 12:50:23 UTC 2004
I just did a simple test: I configured 5 fake unreachable nameservers
for ladislav.name.ae.
$ dig ladislav.name.ae ns
; <<>> DiG 9.2.3 <<>> ladislav.name.ae ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53147
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 5
;; QUESTION SECTION:
;ladislav.name.ae. IN NS
;; AUTHORITY SECTION:
ladislav.name.ae. 10800 IN NS fake1.ladislav.name.ae.
ladislav.name.ae. 10800 IN NS fake2.ladislav.name.ae.
ladislav.name.ae. 10800 IN NS fake3.ladislav.name.ae.
ladislav.name.ae. 10800 IN NS fake4.ladislav.name.ae.
ladislav.name.ae. 10800 IN NS fake5.ladislav.name.ae.
;; ADDITIONAL SECTION:
fake1.ladislav.name.ae. 10800 IN A 10.1.1.1
fake2.ladislav.name.ae. 10800 IN A 10.2.2.2
fake3.ladislav.name.ae. 10800 IN A 10.3.3.3
fake4.ladislav.name.ae. 10800 IN A 10.4.4.4
fake5.ladislav.name.ae. 10800 IN A 10.5.5.5
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 18 16:27:48 2004
;; MSG SIZE rcvd: 214
After issuing a SINGLE UDP request for something.ladislav.name.ae to
any one of our caching servers, and snooping the traffic, I got a
surprising 126 (one hundred twenty-six) packets sent to all 5
nameservers, which of course all timed out and all took slots in the
BIND internal queue. How will the snoop look if you issue not a single
request but 10/100/1000 such requests per second, consistently, not for
90 seconds but for days... BTW, a piece of cake for malicious
software (viruses/trojans...) with hardcoded domain names... Isn't it
worth at least logging, if not TEMPORARILY bogusing as well... It is
hard to hear people saying this is rare; this is not rare at all, it is
a public caching server's daily nightmare today...
client$ dig something.ladislav.name.ae @ns3.emirates.net.ae +tries=1
ns3.emirates.net.ae# /usr/sbin/snoop -r 10.1.1.1 or 10.2.2.2 or 10.3.3.3 or 10.4.4.4 or 10.5.5.5
Using device /dev/hme (promiscuous mode)
194.170.1.99 -> 10.2.2.2 DNS C something.ladislav.name.ae. Internet
Addr ?
194.170.1.99 -> 10.3.3.3 DNS C something.ladislav.name.ae. Internet
Addr ?
194.170.1.99 -> 10.4.4.4 DNS C something.ladislav.name.ae. Internet
Addr ?
194.170.1.99 -> 10.1.1.1 DNS C something.ladislav.name.ae. Internet
Addr ?
194.170.1.99 -> 10.5.5.5 DNS C something.ladislav.name.ae. Internet
Addr ?
194.170.1.99 -> 10.2.2.2 DNS C something.ladislav.name.ae. Internet
Addr ?
194.170.1.99 -> 10.2.2.2 DNS C fake1.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.2.2.2 DNS C fake2.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.2.2.2 DNS C fake3.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.3.3.3 DNS C something.ladislav.name.ae. Internet
Addr ?
194.170.1.99 -> 10.2.2.2 DNS C fake4.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.2.2.2 DNS C fake5.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.3.3.3 DNS C fake1.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.3.3.3 DNS C fake2.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.3.3.3 DNS C fake3.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.3.3.3 DNS C fake4.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.4.4.4 DNS C something.ladislav.name.ae. Internet
Addr ?
194.170.1.99 -> 10.4.4.4 DNS C fake2.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.4.4.4 DNS C fake1.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.4.4.4 DNS C fake3.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.3.3.3 DNS C fake5.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.4.4.4 DNS C fake4.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.1.1.1 DNS C something.ladislav.name.ae. Internet
Addr ?
194.170.1.99 -> 10.1.1.1 DNS C fake2.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.1.1.1 DNS C fake1.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.1.1.1 DNS C fake3.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.4.4.4 DNS C fake5.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.1.1.1 DNS C fake4.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.5.5.5 DNS C something.ladislav.name.ae. Internet
Addr ?
194.170.1.99 -> 10.5.5.5 DNS C fake2.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.5.5.5 DNS C fake1.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.5.5.5 DNS C fake3.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.1.1.1 DNS C fake5.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.5.5.5 DNS C fake4.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.2.2.2 DNS C something.ladislav.name.ae. Internet
Addr ?
194.170.1.99 -> 10.2.2.2 DNS C fake2.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.2.2.2 DNS C fake1.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.2.2.2 DNS C fake3.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.5.5.5 DNS C fake5.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.2.2.2 DNS C fake4.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.3.3.3 DNS C fake2.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.3.3.3 DNS C fake1.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.3.3.3 DNS C fake3.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.2.2.2 DNS C fake5.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.3.3.3 DNS C fake4.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.4.4.4 DNS C fake2.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.4.4.4 DNS C fake3.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.4.4.4 DNS C fake1.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.3.3.3 DNS C fake5.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.4.4.4 DNS C fake4.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.1.1.1 DNS C fake2.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.1.1.1 DNS C fake1.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.1.1.1 DNS C fake3.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.4.4.4 DNS C fake5.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.1.1.1 DNS C fake4.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.5.5.5 DNS C fake2.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.5.5.5 DNS C fake1.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.5.5.5 DNS C fake3.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.1.1.1 DNS C fake5.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.5.5.5 DNS C fake4.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.2.2.2 DNS C fake2.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.2.2.2 DNS C fake1.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.2.2.2 DNS C fake3.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.5.5.5 DNS C fake5.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.2.2.2 DNS C fake4.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.2.2.2 DNS C fake5.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.2.2.2 DNS C fake1.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.2.2.2 DNS C fake2.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.2.2.2 DNS C fake3.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.2.2.2 DNS C fake4.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.2.2.2 DNS C fake5.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.3.3.3 DNS C fake1.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.3.3.3 DNS C fake2.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.3.3.3 DNS C fake3.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.3.3.3 DNS C fake4.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.3.3.3 DNS C fake5.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.4.4.4 DNS C fake1.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.4.4.4 DNS C fake2.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.4.4.4 DNS C fake3.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.4.4.4 DNS C fake4.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.4.4.4 DNS C fake5.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.1.1.1 DNS C fake1.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.1.1.1 DNS C fake2.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.1.1.1 DNS C fake3.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.1.1.1 DNS C fake4.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.1.1.1 DNS C fake5.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.5.5.5 DNS C fake1.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.5.5.5 DNS C fake2.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.5.5.5 DNS C fake3.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.5.5.5 DNS C fake4.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.5.5.5 DNS C fake5.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.2.2.2 DNS C fake1.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.2.2.2 DNS C fake2.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.2.2.2 DNS C fake3.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.2.2.2 DNS C fake4.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.2.2.2 DNS C fake5.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.3.3.3 DNS C fake1.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.3.3.3 DNS C fake2.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.3.3.3 DNS C fake3.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.3.3.3 DNS C fake4.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.3.3.3 DNS C fake5.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.4.4.4 DNS C fake1.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.4.4.4 DNS C fake2.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.4.4.4 DNS C fake3.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.4.4.4 DNS C fake4.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.4.4.4 DNS C fake5.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.1.1.1 DNS C fake1.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.1.1.1 DNS C fake2.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.1.1.1 DNS C fake3.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.1.1.1 DNS C fake4.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.1.1.1 DNS C fake5.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.5.5.5 DNS C fake1.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.5.5.5 DNS C fake2.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.5.5.5 DNS C fake3.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.5.5.5 DNS C fake4.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.5.5.5 DNS C fake5.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.2.2.2 DNS C fake1.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.2.2.2 DNS C fake2.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.2.2.2 DNS C fake3.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.2.2.2 DNS C fake4.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.2.2.2 DNS C fake5.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.3.3.3 DNS C fake1.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.3.3.3 DNS C fake2.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.3.3.3 DNS C fake3.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.3.3.3 DNS C fake4.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 10.3.3.3 DNS C fake5.ladislav.name.ae. Internet
Unknown (28) ?
Ladislav
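
Added example, not part of the original post and not BIND code: a small parser for snoop lines in the format quoted above that counts the resolver's outbound queries per upstream server and reports servers that never answered, which is the kind of logging the post asks for. The sample trace is constructed (the 192.0.2.53 exchange and its reply line are made up), and the names `summarize`, `silent_servers` and the `min_queries` threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the snoop format shown in the post (wrapped lines
# included); the 192.0.2.53 query and reply are made up for contrast.
SAMPLE = """\
194.170.1.99 -> 10.2.2.2 DNS C something.ladislav.name.ae. Internet
Addr ?
194.170.1.99 -> 10.3.3.3 DNS C something.ladislav.name.ae. Internet
Addr ?
194.170.1.99 -> 10.2.2.2 DNS C fake1.ladislav.name.ae. Internet
Unknown (38) ?
194.170.1.99 -> 10.2.2.2 DNS C fake1.ladislav.name.ae. Internet
Unknown (28) ?
194.170.1.99 -> 192.0.2.53 DNS C www.example.test. Internet
Addr ?
192.0.2.53 -> 194.170.1.99 DNS R www.example.test. Internet
Addr 192.0.2.80
"""

# "src -> dst DNS C name" is a query, "DNS R" a response.
PACKET = re.compile(r"^(\S+) -> (\S+) DNS ([CR]) (\S+)")

def summarize(trace, resolver):
    """Count queries sent by `resolver` and replies it received, per server."""
    sent, answered, names = Counter(), Counter(), {}
    for line in trace.splitlines():
        m = PACKET.match(line.strip())
        if not m:
            continue  # wrapped continuation ("Addr ?") or snoop banner
        src, dst, kind, qname = m.groups()
        if kind == "C" and src == resolver:
            sent[dst] += 1
            names.setdefault(dst, set()).add(qname.lower())
        elif kind == "R" and dst == resolver:
            answered[src] += 1
    return sent, answered, names

def silent_servers(trace, resolver, min_queries=3):
    """Servers queried at least `min_queries` times that never replied."""
    sent, answered, names = summarize(trace, resolver)
    return {
        srv: {"queries": n, "names": sorted(names[srv])}
        for srv, n in sent.items()
        if n >= min_queries and answered[srv] == 0
    }

if __name__ == "__main__":
    for srv, info in silent_servers(SAMPLE, "194.170.1.99").items():
        print(f"{srv}: {info['queries']} unanswered queries for {info['names']}")
```
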