Hello,

Read the BIND ARM (Admin Ref. Manual) about these settings, but here is an 
example of what I use:
        clients-per-query 10 ;
        max-clients-per-query 20 ;

http://www.isc.org/software/bind/documentation


Previously, this resource was posted on this list which is good info to have 
when investigating BIND behavior:
https://deepthought.isc.org/article/AA-00341/0

HTH


>________________________________
>From: Alan Shackelford <ashac...@jhmi.edu>
>To: "bind-users@lists.isc.org" <bind-users@lists.isc.org>
>Sent: Friday, November 18, 2011 10:32 AM
>Subject: Question About max-clients-per-query
>
>I had a situation a couple of days ago where a compromised machine in the DMZ 
>portion of my network began sending an incredible number of queries to a 
>couple of the primary internal DNS servers. The traffic was so intense that 
>legitimate queries were unable to get through, or the customer timed out 
>before the response came back. It took me a while to diagnose, because tailing 
>the logs with querylog on was not possible. The data were coming too fast for 
>my terminal to display them. Only after several Ctrl-C commands was I able to 
>escape from the tail, and a portion of the logs was displayed. Only queries 
>from the compromised machine were visible. Nothing else got through during 
>that time period. My customers and bosses are naturally furious.
>
>So is it possible to limit the number of queries for one name from one client, 
>or even better, limit the number in a certain time, or the number of queries 
>"in a row" from one client? If not, we are going to have to be creative with 
>some iptables or firewall rules.
>
>Thanks for any help you can lend.
>
>Alan V. Shackelford                   Sr. Systems Software Engineer
>The Johns Hopkins University and Johns Hopkins Medical Institutions
>Baltimore, Maryland USA       410-735-4773        ashac...@jhmi.edu
>
>
>
>_______________________________________________
>Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
>from this list
>
>bind-users mailing list
>bind-users@lists.isc.org
>https://lists.isc.org/mailman/listinfo/bind-users
>
>
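The diagnosis problem described in the quoted message (a query log arriving too fast to tail) can be handled by summarising the log per client instead of watching it scroll. The following is an added example, not part of the original thread and not ISC code; the sample lines are constructed, the thresholds are assumptions, and the regex assumes the usual `client <ip>#<port>: query: <name> <class> <type>` query-log layout.

```python
import re
from collections import Counter

# Matches the "client <ip>#<port> ...: query: <name> <class> <type>" part of a
# BIND query-log line; the optional groups cover newer BIND layouts that add
# an "@0x..." object id and a "(qname)" after the client address.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+"
    r"(?: \([^)]*\))?: query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

def summarize(lines):
    """Count queries per client and per (client, qname, qtype)."""
    per_client, per_question = Counter(), Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line (other logging categories, notices)
        per_client[m["ip"]] += 1
        per_question[(m["ip"], m["qname"].lower(), m["qtype"])] += 1
    return per_client, per_question

def noisy_clients(per_client, share=0.5, min_queries=100):
    """Clients responsible for at least `share` of all logged queries.

    Both thresholds are assumptions; tune them to the server's normal load.
    """
    total = sum(per_client.values())
    return [(ip, n) for ip, n in per_client.most_common()
            if n >= min_queries and n / total >= share]

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = (
    ["18-Nov-2011 10:30:01.%03d client 192.0.2.77#40000: query: "
     "flood.example.net IN A +" % i for i in range(950)]
    + ["18-Nov-2011 10:30:02.%03d client 198.51.100.%d#5353: query: "
       "www.example.org IN AAAA +" % (i, i % 10 + 1) for i in range(50)]
)

if __name__ == "__main__":
    clients, questions = summarize(SAMPLE)
    for ip, n in noisy_clients(clients):
        print(f"{ip} sent {n} of {sum(clients.values())} queries")
    for (ip, qname, qtype), n in questions.most_common(3):
        print(f"{n:6d}  {ip}  {qname} {qtype}")
```

Run against a saved copy of the query log (pass an open file object to `summarize`), this names the dominant client without needing to follow the live log.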