Vista machines DOSing our bind servers
Kirsten Petersen
kirsten.petersen at oregonstate.edu
Tue Nov 27 18:00:00 UTC 2007
Has anyone else seen this issue where Vista machines slam the name servers
with repeated requests for the same lookup? Yesterday, both of our name
servers were taken out of commission by a pair of Vista workstations on
our network that were each pushing almost 10Mb in DNS requests. A tcpdump
at the time showed that they were asking repeatedly for the same AAAA
record.

This has happened about 4 times to us in the past 3 weeks. Each time,
the machines were asking for different domain names, totally unrelated.
So, I don't believe there is anything special about the record itself.

The machines have been scanned for viruses and malware, of course, and
came up clean. The owners of the machines were not even present when the
incident occurred.

I have read through this thread on Educause:
http://listserv.educause.edu/cgi-bin/wa.exe?A2=ind07&L=netman&D=0&T=0&P=27697
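
One way to spot the pattern described in the message above (a client asking over and over for the same AAAA record) from tcpdump's text output. This is an added example, not part of the original post; the sample lines are constructed, and the function name and the default threshold of 5 queries per second are assumptions to tune for the site.

```python
import re
from collections import Counter

# tcpdump's text rendering of a DNS query sent to port 53, e.g.
# 18:00:01.000001 IP 192.0.2.10.51000 > 192.0.2.53.53: 4661+ AAAA? www.example.com. (33)
QUERY_RE = re.compile(
    r"^(?P<hh>\d\d):(?P<mm>\d\d):(?P<ss>\d\d)\.\d+ IP6? "
    r"(?P<src>\S+)\.\d+ > \S+\.53: \d+[+%]* (?:\[[^\]]*\] )?"
    r"(?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+) "
)

def repeated_queries(lines, threshold=5):
    """Return {(client, qname, qtype): peak queries in one second} for every
    client whose rate for a single name/type reaches the threshold
    (threshold is an assumed value, not taken from the post)."""
    per_second = Counter()
    for line in lines:
        m = QUERY_RE.match(line)
        if not m:
            continue  # responses and non-DNS packets do not match
        key = (m["src"], m["qname"].lower().rstrip("."), m["qtype"])
        per_second[key + (m["hh"] + m["mm"] + m["ss"],)] += 1
    peaks = {}
    for (*key, _second), count in per_second.items():
        key = tuple(key)
        peaks[key] = max(peaks.get(key, 0), count)
    return {k: n for k, n in peaks.items() if n >= threshold}

# Constructed sample: one client repeats the same AAAA lookup six times in a
# second; another client makes two ordinary lookups; one line is a response.
SAMPLE = [
    f"18:00:01.{i:06d} IP 192.0.2.10.51000 > 192.0.2.53.53: "
    f"{4660 + i}+ AAAA? www.example.com. (33)"
    for i in range(6)
] + [
    "18:00:01.500000 IP 192.0.2.53.53 > 192.0.2.10.51000: 4660 0/1/0 (90)",
    "18:00:02.000000 IP 192.0.2.20.40000 > 192.0.2.53.53: 7+ [1au] A? mail.example.org. (45)",
    "18:00:02.100000 IP 192.0.2.20.40000 > 192.0.2.53.53: 8+ AAAA? mail.example.org. (34)",
]

if __name__ == "__main__":
    for (client, qname, qtype), peak in repeated_queries(SAMPLE).items():
        print(f"{client} asked {qtype} {qname} {peak} times in one second")
```

The function accepts any iterable of lines, such as the output of `tcpdump -nn port 53` captured on the name server.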