DNS DOS increasing?

Rob Evans rhe at nosc.ja.net
Mon Jan 21 17:53:57 UTC 2002


> I'm curious to see how other OSes react to these attacks.  My guess is that
> BSD systems (such as FreeBSD and BSDi) will react similarly to the Solaris
> based on my past experience with these systems.  So I am curious too see if
> the RR record "loss" is an OS specific behaviour, especially since Redhat
> has priors in misplacing information in earlier versions of the OS.

Slightly related to that; at the RIPE meeting last week, RIPE NCC
described a DNS server testbed that they had produced, primarily to
test a new authoritative nameserver.  As an experiment, it was run with
BIND 8.2.5 on both FreeBSD and Linux.  The performance of the FreeBSD
system under bursty loads was significantly better than Linux (on the
same system?) for moderate-to-high loads.

The presentation should eventually be available under:
    http://www.ripe.net/ripe/meetings/archive/ripe-41/presentations.html#dns
(but it isn't there yet)

I'm not sure if the returned data was analysed in any depth, but Evi
Nemeth's talk at the next NANOG could be interesting if the title is
anything to go by...

Cheers,
Rob



More information about the NANOG mailing list