Malicious DNS request?
Brad Knowles
brad at stop.mail-abuse.org
Wed May 18 01:39:35 UTC 2005
At 8:45 AM +0800 2005-05-18, Joe Shen wrote:
> I'm sorry if this is JUST to BIND or some other
> specific software. But, IMHO this is just a sample
> that requests which only generate NXDOMAIN responds.
Do a DNS query for
slartibartfastisacharacterinamoviewrittenbydouglasadamsthathasnotgottenverygoodreviewslatelyandisbasedontheoriginalBBCradioshowandtheresultingBBCtvminiseries.com,
and you'll probably get an NXDOMAIN. Indeed, query for any other
non-existent domain, and you'll get an NXDOMAIN response. That's
what it means.
> According to someone's presentation on NANOG ("DNS
> anomailies and their impact on DNS Cache Server" ),
> such record may be type of attack.
NXDOMAIN == Attack?
Please show me how you arrive at that logic.
> If we only rely on
> cacheing to remove paient of CPU time, cache server
> load will be increased. So, what I'm tryting to ask
> is , is there some mechanism proposed to deal with
> such problem? BIND is just a sample.
Well, only caching servers have to worry about getting an
NXDOMAIN response back. Authoritative-only servers may have to worry
about sending them out, but that's pretty cheap. Indeed, it's pretty
cheap for the caching servers to handle getting them.
Yes, bad clients can abuse either caching servers or
authoritative-only servers by doing things that result in a lot of
NXDOMAIN responses, but that falls in the category of the programmers
doing whatever is possible to protect themselves and their code
against whatever kind of abuse gets hurled at them by poorly-behaved
clients.
As far as that goes, that's a generic problem, and in the case of
nameservers there are appropriate places to discuss this sort of
thing -- such as the namedroppers mailing list.
Now, if you want to drag BIND into this picture as a specific
example, there are appropriate places to discuss that, too -- such as
the bind-users mailing list, or maybe one of the developer-oriented
BIND mailing lists.
But none of these places are NANOG, and this discussion doesn't
belong here -- either in the general case of nameservers, or in the
specific case of BIND.
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the NANOG
mailing list