On 8/29/2010 5:22 AM, Agarwal Vivek-RNGB36 wrote:
Hi All
I am using ISC-BIND 9.3.4 as a DNS Server. Im facing an issue that Im
getting lot of Queries as like<Root>: type NS, class IN. This is
leading to high CPU Utilization of my system. Can anyone help me that
how can I solve this issue and why these requests will be coming
Are those queries literally the word "<Root>" (6 characters), or are you
attempting to represent in your post the root node "." (0 characters,
since there is an implied "dot" at the end of every DNS name), which is
the top of the DNS namespace hierarchy?
If it's NS queries of the root node, then those are natural and normal,
if anyone has your nameserver set as a "global" forwarder in their
config, or a source of root "hints".
If you don't wish to be used as a forwarder or "hints" source then, as
another poster suggested, you could implement some access controls. But,
I would add the caveat: if you have several nameservers that are being
used in this way, turning off one of them may simply shift the traffic
to one or more of the others, and this could make your CPU-utilization
situation even *worse*. If you intend on instituting access controls,
you might want to consider implementing the same controls on *all* of
the nameservers in the same set *simultaneously*, in order to head off
such problems. Depending on your setup and organization, this may be
logistically difficult to pull off.
- Kevin
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
