DNS issue

[Kevin Darcy]

On 8/29/2010 5:22 AM, Agarwal Vivek-RNGB36 wrote:
> Hi All
>
> I am using ISC-BIND 9.3.4 as a DNS Server. Im facing an issue that Im
> getting lot of Queries as like<Root>: type NS, class IN. This is
> leading to high CPU Utilization of my system. Can anyone help me that
> how can I solve this issue and why these requests will be coming
>
>    

Are those queries literally the word "<Root>" (6 characters), or are you 
attempting to represent in your post the root node "." (0 characters, 
since there is an implied "dot" at the end of every DNS name), which is 
the top of the DNS namespace hierarchy?

If it's NS queries of the root node, then those are natural and normal, 
if anyone has your nameserver set as a "global" forwarder in their 
config, or a source of root "hints".

If you don't wish to be used as a forwarder or "hints" source then, as 
another poster suggested, you could implement some access controls. But, 
I would add the caveat: if you have several nameservers that are being 
used in this way, turning off one of them may simply shift the traffic 
to one or more of the others, and this could make your CPU-utilization 
situation even *worse*. If you intend on instituting access controls, 
you might want to consider implementing the same controls on *all* of 
the nameservers in the same set *simultaneously*, in order to head off 
such problems. Depending on your setup and organization, this may be 
logistically difficult to pull off.



                                                                         
                                                                         
                                                                     - Kevin