Caching nameservers dealing with dead authoritative servers

Dave Sparro dsparro at gmail.com
Thu Sep 16 13:12:15 UTC 2010


On 9/15/2010 5:18 PM, ML wrote:
> Hi,
>
> I'm having a problem with my caching DNS servers. I'm on bind 9.4.3-p5, threads enabled (4), running gentoo 64 bits.
>
> For 2 days, I have some clients (mail servers receiving spam) issuing a lot of requests on a zone hosted on a dead DNS server. For example:
>
> 'uewchcvqhvnavkevhavecvbcvxevudvr.herojvesterna.com' requesttime 1284583508
> 'mcacghdhcdb.herojvesterna.com' requesttime 1284583515
> 'cacghdhcdb.herojvesterna.com' requesttime 1284583515
> 'lbnsxhnlpgdafmpdneieb.herojvesterna.com' requesttime 1284583521
> 'uewchcvqhvnavkevhavecvbcvxevudvr.herojvesterna.com' requesttime 1284583528
> 'obqtujppeofqwpcoeqqbbocqvphpvfo.herojvesterna.com' requesttime 1284583534
> 'mcacghdhcdb.herojvesterna.com' requesttime 1284583535
> 'cacghdhcdb.herojvesterna.com' requesttime 1284583535
> ;'mgjnmcoxgfmfnifmebm.herojvesterna.com' requesttime 1284583537
>
> As the authoritative nameserver for this zone is dead, the answer is sent to the clients after some seconds. During this time the clients could perhaps do about 1000 queries on the same zone but for different records. After a moment, it's like a DoS attack: my cache-only DNS server doesn't answer any query.
>
> What could I do to limit this? Is there something to "cache" that an authoritative DNS server doesn't answer??


You could use the "blackhole" ACL on the IP addresses of the auth. 
servers for herojvesterna.com.  That way your cache won't waste time 
attempting to send queries there.

-- 
Dave
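Before blackholing anything, it helps to see which zone is actually absorbing the resolver's outstanding queries. The script below is an added example, not code from the thread or from BIND: it parses lines shaped like the ones quoted above (a quoted qname followed by `requesttime` and a timestamp), collapses each name to its zone, and reports zones with a burst of queries and many distinct names in a short window, which is the random-subdomain pattern described in the question. The sample lines are constructed, the "zone = last two labels" rule and the 30 second / 5 query thresholds are assumptions, and the time-ordering of the input is assumed as well.

```python
import re
from collections import defaultdict, deque
from typing import Dict, Iterable, Optional, Tuple

# Constructed sample input, shaped like the lines quoted in the thread:
# one outstanding query per line, quoted qname then its request timestamp.
SAMPLE_LOG = """\
'uewchcvqhvnavkevhavecvbcvxevudvr.herojvesterna.com' requesttime 1284583508
'mcacghdhcdb.herojvesterna.com' requesttime 1284583515
'cacghdhcdb.herojvesterna.com' requesttime 1284583515
'lbnsxhnlpgdafmpdneieb.herojvesterna.com' requesttime 1284583521
'www.example.net' requesttime 1284583522
'uewchcvqhvnavkevhavecvbcvxevudvr.herojvesterna.com' requesttime 1284583528
'obqtujppeofqwpcoeqqbbocqvphpvfo.herojvesterna.com' requesttime 1284583534
'mcacghdhcdb.herojvesterna.com' requesttime 1284583535
'cacghdhcdb.herojvesterna.com' requesttime 1284583535
;'mgjnmcoxgfmfnifmebm.herojvesterna.com' requesttime 1284583537
'mail.example.net' requesttime 1284583540
"""

# Optional leading ';' (seen on one quoted line), quoted qname, keyword, epoch seconds.
LINE_RE = re.compile(r"^;?'(?P<qname>[^']+)'\s+requesttime\s+(?P<ts>\d+)\s*$")


def parse_line(line: str) -> Optional[Tuple[str, int]]:
    """Return (qname, timestamp) for a query line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("qname").rstrip(".").lower(), int(m.group("ts"))


def zone_of(qname: str, labels: int = 2) -> str:
    """Collapse a qname to its last `labels` labels.

    Assumption: the zone being hammered is a second-level domain. A public
    suffix list would be needed to get this right for names under e.g. co.uk.
    """
    return ".".join(qname.split(".")[-labels:])


def zone_stats(lines: Iterable[str], window_s: int = 30) -> Dict[str, Dict[str, int]]:
    """Per zone: the peak number of queries that fell inside any `window_s`
    second span (input assumed to be in timestamp order) and the number of
    distinct qnames. A high peak with many distinct names is the
    random-subdomain pattern from the thread, not a popular single record.
    """
    windows = defaultdict(deque)  # zone -> timestamps still inside the window
    names = defaultdict(set)      # zone -> distinct qnames seen
    peak = defaultdict(int)       # zone -> largest window count observed
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        qname, ts = parsed
        zone = zone_of(qname)
        q = windows[zone]
        q.append(ts)
        while ts - q[0] > window_s:   # drop timestamps older than the window
            q.popleft()
        names[zone].add(qname)
        peak[zone] = max(peak[zone], len(q))
    return {z: {"peak": peak[z], "distinct_names": len(names[z])} for z in peak}


def flag_busy_zones(lines: Iterable[str], window_s: int = 30, threshold: int = 5) -> Dict[str, Dict[str, int]]:
    """Zones whose peak in-window query count reached `threshold`."""
    stats = zone_stats(lines, window_s)
    return {z: s for z, s in stats.items() if s["peak"] >= threshold}


if __name__ == "__main__":
    for zone, s in flag_busy_zones(SAMPLE_LOG.splitlines()).items():
        print(f"{zone}: peak {s['peak']} queries in 30 s, {s['distinct_names']} distinct names")
```

Once the zone is identified, the addresses to put in the `blackhole` ACL are those of its authoritative servers (from the delegation NS records), not the zone name itself. Keep in mind that BIND's `blackhole` is two-directional: the resolver neither sends queries to those addresses nor accepts queries from them, so a misplaced entry can silence a legitimate server. Later BIND 9 releases added per-zone and per-server fetch limits for exactly this kind of dead-server pile-up, which avoids hand-maintaining an address list.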
