[17023] in bugtraq
Re: DNS PTR surveying
daemon@ATHENA.MIT.EDU (antirez)
Tue Oct 3 13:50:03 2000
Message-Id: <19970122150151.D473@antiz.marmoc.net>
Date: Wed, 22 Jan 1997 15:01:51 +0100
Reply-To: antirez@linuxcare.com
From: antirez <antirez@LINUXCARE.COM>
X-To: "D. J. Bernstein" <djb@CR.YP.TO>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20001001082833.30757.qmail@cr.yp.to>; from djb@CR.YP.TO on Sun,
Oct 01, 2000 at 08:28:33AM -0000
On Sun, Oct 01, 2000 at 08:28:33AM -0000, D. J. Bernstein wrote:
> A big, fast survey will kill a BIND cache, because BIND dies when it
> runs out of memory. BIND 9 won't die, but it will stop caching new data,

You should be able to kill BIND and other DNS cache software even
faster using, for example, an IN A query for a name that surely does not exist,
better still using RANDOM.some.domain.net with the some.domain.net DNS slow or down.

> so performance goes down the toilet. Unless you're trying to take down
> somebody's DNS service, you should use the dnscache program included in
> the djbdns package; dnscache smoothly discards old data.

I'm developing a DNS cache for embedded systems. I used the same behaviour
(i.e. if the forwarded-requests-queue is full, discard the oldest and insert
the new request, the same for the cache queue), but this seems to enough
(Who is able to stop DoS?).

Assigning a very low cache TTL to 'negative' responses may help; anyway,
it's quite hard to weigh the queue size of the forwarded requests and
the expiration time to avoid problems. Another variable is the amount
of data to discard when we run out of memory. The simple drop-one & insert-one
algorithm may not be optimal.

Attached is a trivial program that performs IN A RANDOM.some.domain requests.

antirez
--
Salvatore Sanfilippo, Open Source Developer, Linuxcare Italia spa
+39.049.80 43 411 tel, +39.049.80 43 412 fax
antirez@linuxcare.com, http://www.linuxcare.com/
Linuxcare. Support for the revolution.
[Attachment: query-flood.c.gz]
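
The cache-sizing trade-off discussed in the message above, as an added example that is not part of the original post and is unrelated to the attached query-flood.c: a fixed-size cache that reuses free or expired slots before dropping the oldest live entry, run against a constructed stream of unique negative answers. SLOTS, POS_TTL, the function names and the example.net names are assumptions, and expired-first eviction is a variation on the plain drop-oldest policy the message describes.

```c
#include <stdio.h>
#include <string.h>

#define SLOTS 8        /* fixed memory budget: the cache never grows */
#define POS_TTL 300    /* assumed TTL for real answers, in seconds */

struct entry { char name[64]; long inserted, expires; int used; };
struct cache { struct entry e[SLOTS]; long neg_ttl; };

/* Reuse a free or expired slot first; only then drop the oldest live entry. */
static struct entry *pick_slot(struct cache *c, long now) {
    struct entry *oldest = &c->e[0];
    for (int i = 0; i < SLOTS; i++) {
        struct entry *s = &c->e[i];
        if (!s->used || s->expires <= now) return s;
        if (s->inserted < oldest->inserted) oldest = s;
    }
    return oldest;
}

void cache_put(struct cache *c, const char *name, int negative, long now) {
    struct entry *s = pick_slot(c, now);
    snprintf(s->name, sizeof s->name, "%s", name);
    s->inserted = now; s->used = 1;
    s->expires = now + (negative ? c->neg_ttl : POS_TTL);
}

int cache_has(const struct cache *c, const char *name, long now) {
    for (int i = 0; i < SLOTS; i++)
        if (c->e[i].used && c->e[i].expires > now && !strcmp(c->e[i].name, name))
            return 1;
    return 0;
}

/* Constructed workload: one real name cached at t=0, then n unique
 * nonexistent names, one per second. Returns 1 if the real name survives. */
int survives_flood(long neg_ttl, int n) {
    struct cache c = { .neg_ttl = neg_ttl };   /* all slots start empty */
    char q[64];
    cache_put(&c, "www.example.net", 0, 0);
    for (int i = 1; i <= n; i++) {
        snprintf(q, sizeof q, "r%d.example.net", i);
        cache_put(&c, q, 1, i);
    }
    return cache_has(&c, "www.example.net", n);
}

int main(void) {
    printf("negative TTL 300s: %d, 5s: %d\n", survives_flood(300, 100), survives_flood(5, 100));
    return 0;
}
```

With a 5-second negative TTL the real entry survives because expired negative slots are recycled; whenever more than SLOTS-1 unique names arrive within one negative TTL, live data is still evicted, which is the queue-size versus expiration-time balance the message calls hard to weigh.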