Malicious DNS request?

Joe Shen joe_hznm at yahoo.com.sg
Wed May 18 00:45:57 UTC 2005


Paul,

I'm sorry if this is JUST to BIND or some other
specific software. But, IMHO this is just a sample
of requests which only generate NXDOMAIN responses.

According to someone's presentation on NANOG ("DNS
anomalies and their impact on DNS Cache Server"),
such record may be a type of attack. If we only rely on
caching to remove paient of CPU time, cache server
load will be increased. So, what I'm trying to ask
is, is there some mechanism proposed to deal with
such problem? BIND is just a sample.

joe

--- Paul Vixie <vixie at vix.com> wrote:
> 
> joe_hznm at yahoo.com.sg (Joe Shen) writes:
> 
> > I'm using BIND9.2.5 & BIND9.3.1 on two Solaris boxes,
> > each box has two CPUs installed. it's found BIND8.4.6
> > running on one CPU could reach the throughput of
> > BIND9.*.* running on two CPUs.
> > 
> > Could we improve server throughput or lower the
> > effect of those requests on NXDOMAIN?
> 
> yes.  but "we" isn't nanog.  can you take your bind-specific questions
> to a bind-related mailing list or newsgroup?  www.isc.org has pointers.
> -- 
> Paul Vixie
> 
