Hi,

I'm having a problem with my caching DNS servers. I'm on BIND 9.4.3-p5, threads 
enabled (4), running Gentoo 64-bit.

For 2 days, I have had some clients (mail servers receiving spam) issuing a lot of 
requests on a zone hosted on a dead DNS server. For example:

'uewchcvqhvnavkevhavecvbcvxevudvr.herojvesterna.com' requesttime 1284583508
'mcacghdhcdb.herojvesterna.com' requesttime 1284583515
'cacghdhcdb.herojvesterna.com' requesttime 1284583515
'lbnsxhnlpgdafmpdneieb.herojvesterna.com' requesttime 1284583521
'uewchcvqhvnavkevhavecvbcvxevudvr.herojvesterna.com' requesttime 1284583528
'obqtujppeofqwpcoeqqbbocqvphpvfo.herojvesterna.com' requesttime 1284583534
'mcacghdhcdb.herojvesterna.com' requesttime 1284583535
'cacghdhcdb.herojvesterna.com' requesttime 1284583535
;'mgjnmcoxgfmfnifmebm.herojvesterna.com' requesttime 1284583537

As the authoritative nameserver for this zone is dead, the answer is sent to the 
clients after some seconds. During this time the clients could make perhaps 
about 1000 queries on the same zone but for different records. After a moment, it's 
like a DoS attack: my cache-only DNS server doesn't answer any query.

What could I do to limit this? Is there something to "cache" the fact that an 
authoritative DNS server doesn't answer?

Regards

David
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
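
The query pattern described in the post above can be picked out of a query log. The following is an added example, not part of the original message and not BIND code: it parses lines in the format quoted in the post and flags zones that are queried for many distinct names within a short window. The two-label zone guess, the thresholds and the example.net lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Line format as quoted in the post: 'qname' requesttime <epoch seconds>
LINE_RE = re.compile(r"'([^']+)'\s+requesttime\s+(\d+)")

def parent_zone(qname, labels=2):
    """Naive zone guess: the last `labels` labels (assumption, no public-suffix list)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-labels:])

def parse(lines):
    """Yield (epoch, qname) for each line that matches the format."""
    for line in lines:
        m = LINE_RE.search(line)  # search() tolerates stray leading characters
        if m:
            yield int(m.group(2)), m.group(1).lower()

def flag_zones(lines, window=60, min_unique=5):
    """Return {zone: peak count of distinct qnames in any `window`-second span}
    for zones whose peak reaches `min_unique`. Thresholds are illustrative."""
    by_zone = defaultdict(list)
    for ts, qname in parse(lines):
        by_zone[parent_zone(qname)].append((ts, qname))
    flagged = {}
    for zone, events in by_zone.items():
        events.sort()
        start, best = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until the span is shorter than `window`.
            while events[end][0] - events[start][0] >= window:
                start += 1
            best = max(best, len({q for _, q in events[start:end + 1]}))
        if best >= min_unique:
            flagged[zone] = best
    return flagged

# herojvesterna.com lines are taken from the post; example.net lines are
# constructed to stand in for ordinary traffic.
SAMPLE = [
    "'uewchcvqhvnavkevhavecvbcvxevudvr.herojvesterna.com' requesttime 1284583508",
    "'www.example.net' requesttime 1284583510",
    "'mcacghdhcdb.herojvesterna.com' requesttime 1284583515",
    "'cacghdhcdb.herojvesterna.com' requesttime 1284583515",
    "'mail.example.net' requesttime 1284583520",
    "'lbnsxhnlpgdafmpdneieb.herojvesterna.com' requesttime 1284583521",
    "'uewchcvqhvnavkevhavecvbcvxevudvr.herojvesterna.com' requesttime 1284583528",
    "'obqtujppeofqwpcoeqqbbocqvphpvfo.herojvesterna.com' requesttime 1284583534",
    ";'mgjnmcoxgfmfnifmebm.herojvesterna.com' requesttime 1284583537",
]
```

Counting distinct names rather than raw queries keeps a busy but legitimate zone, which repeats a handful of names, below the threshold.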
