BIND 9.4.x and max-clients-per-query
Fr34k
freaknetboy at yahoo.com
Mon Sep 8 17:13:53 UTC 2008
Hello,
"07-Sep-2008 19:47:14.187 resolver: clients-per-query increased to 70"
70 clients per query seems pretty high to me.
I think slow, and bogus, lookups can contribute to this.
In our environment, we use:
clients-per-query 10 ;
max-clients-per-query 20 ;
I would also check that the network is clean: no interface errors on server or switch, etc.
There may also be bots, and such, driving up DNS traffic in attempts to propagate abuse.
Typically, hundreds of MX lookups from DHCP workstations indicate such malware infections.
Once upon a time, someone pointed me to a SURFnet document on using DNS as IDS -- which has some other great ideas.
Anyway, the goal is inoculating infected hosts to stop bogus traffic.
I hope this helps.
----- Original Message ----
From: Jan Arild Lindstrøm <jal at telenor.net>
To: bind-users at isc.org
Sent: Monday, September 8, 2008 6:38:58 AM
Subject: BIND 9.4.x and max-clients-per-query
Hi,
we got several recursive BIND 9.4.x servers running with the following option set
in named.conf:
recursive-clients 50000;
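
The reply's heuristic (hundreds of MX lookups from DHCP workstations) can be checked against the resolver's query log. The following is an added example, not code from either message or from BIND; it assumes query logging is enabled and that lines look like `client <ip>#<port>: query: <name> <class> <type>`. The function name, the DHCP range 10.20.0.0/16, the threshold of 100 and the sample log lines are all constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Matches query-log lines such as
#   ... client 10.20.0.57#1045: query: example.com IN MX +
# Later BIND releases insert "(qname)" or "view x:" before "query:";
# the lazy ".*?" skips over those fields.
QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+.*?: query: "
    r"(?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

def mx_heavy_clients(lines, dhcp_nets, threshold):
    """Return {client_ip: mx_query_count} for DHCP clients at or over threshold."""
    nets = [ipaddress.ip_network(n) for n in dhcp_nets]
    counts = Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if not m or m["qtype"].upper() != "MX":
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address field, ignore the line
        # Only workstations in the DHCP pools matter; mail servers
        # legitimately issue many MX lookups and live elsewhere.
        if any(ip in net for net in nets):
            counts[str(ip)] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

def sample_log():
    """Constructed log: one noisy workstation, one mail server, one quiet host."""
    ts = "08-Sep-2008 12:00:00.000 queries: info: "
    lines = [f"{ts}client 10.20.0.57#{1024 + i}: query: dom{i}.example IN MX +"
             for i in range(300)]
    lines += [f"{ts}client 10.1.0.25#{2048 + i}: query: dom{i}.example IN MX +"
              for i in range(400)]
    lines += [f"{ts}client 10.20.0.80#3000: query: www.example.com IN A +",
              f"{ts}client 10.20.0.80#3001: query: example.com IN MX +"]
    return lines

if __name__ == "__main__":
    # Assumed DHCP pool and threshold; tune both to the local network.
    for ip, n in mx_heavy_clients(sample_log(), ["10.20.0.0/16"], 100).items():
        print(f"{ip} issued {n} MX queries")
```

Hosts it reports are candidates for inspection; the threshold should be sized to the log window being examined.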