[80888] in North American Network Operators' Group
Re: Malicious DNS request?
daemon@ATHENA.MIT.EDU (Joe Shen)
Tue May 17 20:46:40 2005
Date: Wed, 18 May 2005 08:45:57 +0800 (CST)
From: Joe Shen <joe_hznm@yahoo.com.sg>
To: Paul Vixie <vixie@vix.com>, nanog@merit.edu
In-Reply-To: 6667
Errors-To: owner-nanog@merit.edu
Paul,
I'm sorry if this is JUST to BIND or some other
specific software. But, IMHO this is just a sample
that requests which only generate NXDOMAIN responds.
According to someone's presentation on NANOG ("DNS
anomailies and their impact on DNS Cache Server" ),
such record may be type of attack. If we only rely on
cacheing to remove paient of CPU time, cache server
load will be increased. So, what I'm tryting to ask
is , is there some mechanism proposed to deal with
such problem? BIND is just a sample.
joe
--- Paul Vixie <vixie@vix.com> wrote:
>
> joe_hznm@yahoo.com.sg (Joe Shen) writes:
>
> > I'm using BIND9.2.5 & BIND9.3.1 on two Solaris
> box,
> > each box has two CPUs installed. it's found
> BIND8.4.6
> > running on one CPU could reach the throughput of
> > BIND9.*.* running on two CPUs.
> >
> > Could we improve server throughput or lower lower
> the
> > effect of those requests on NXDOMAIN?
>
> yes. but "we" isn't nanog. can you take your
> bind-specific questions
> to a bind-related mailing list or newsgroup?
> www.isc.org has pointers.
> --
> Paul Vixie
>
__________________________________________________
Do You Yahoo!?
Log on to Messenger with your mobile phone!
http://sg.messenger.yahoo.com
