Bugtraq mailing list archives
Re: DNS PTR surveying
From: antirez <antirez () linuxcare com>
Date: Wed, 22 Jan 1997 15:01:51 +0100
On Sun, Oct 01, 2000 at 08:28:33AM -0000, D. J. Bernstein wrote:
> A big, fast survey will kill a BIND cache, because BIND dies when it runs out of memory. BIND 9 won't die, but it will stop caching new data,
You should be able to kill BIND and other DNS cache software even faster using, for example, an IN A query for a name that certainly does not exist, better still RANDOM.some.domain.net with the some.domain.net DNS slow or down.
> so performance goes down the toilet. Unless you're trying to take down somebody's DNS service, you should use the dnscache program included in the djbdns package; dnscache smoothly discards old data.
I'm developing a DNS cache for embedded systems. I used the same behaviour (i.e. if the forwarded-requests queue is full, discard the oldest and insert the new request, and the same for the cache queue), but this seems to be enough (who is able to stop DoS?). Assigning a very low cache TTL to 'negative' responses may help; anyway, it's quite hard to weigh the queue size of the forwarded requests against the expiration time to avoid problems. Another variable is the amount of data to discard when we run out of memory. The simple drop-one & insert-one algorithm may not be optimal.

Attached is a trivial program that performs IN A RANDOM.some.domain requests.

antirez

--
Salvatore Sanfilippo, Open Source Developer, Linuxcare Italia spa
+39.049.80 43 411 tel, +39.049.80 43 412 fax
antirez () linuxcare com, http://www.linuxcare.com/
Linuxcare. Support for the revolution.
Attachment: query-flood.c.gz
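A model of the bounded drop-oldest cache antirez describes, added here as an example (it is not the attached query-flood.c nor code from dnscache or BIND): the cache is filled with legitimate answers, then fed a stream of unique negative answers, once with plain drop-oldest eviction and once purging expired entries before dropping. Capacity, TTLs, the query rate and the hostnames are assumed values.

```python
import random
from collections import OrderedDict

CAPACITY = 1000    # assumed cache size (entries)
NEG_TTL = 5        # assumed short TTL for "no such name" answers (seconds)
POS_TTL = 3600     # assumed TTL for real answers (seconds)


class BoundedDnsCache:
    """Bounded cache; entries are name -> (expires_at, answer), answer None = negative."""

    def __init__(self, capacity, expire_first):
        self.capacity = capacity
        self.expire_first = expire_first  # purge expired entries before dropping oldest
        self.entries = OrderedDict()      # insertion order = age order

    def insert(self, name, answer, now):
        ttl = POS_TTL if answer is not None else NEG_TTL
        self.entries.pop(name, None)
        if len(self.entries) >= self.capacity:
            if self.expire_first:
                for n in [n for n, (exp, _) in self.entries.items() if exp <= now]:
                    del self.entries[n]
            if len(self.entries) >= self.capacity:
                self.entries.popitem(last=False)  # drop-one & insert-one: oldest goes
        self.entries[name] = (now + ttl, answer)

    def lookup(self, name, now):
        hit = self.entries.get(name)
        if hit is None or hit[0] <= now:
            return None
        return hit


def simulate(expire_first, burst_duration, seed=1):
    """Return how many legitimate answers survive a burst of unique negative answers."""
    rng = random.Random(seed)
    cache = BoundedDnsCache(CAPACITY, expire_first)
    legit = [f"host{i}.example.net" for i in range(CAPACITY // 2)]
    for name in legit:
        cache.insert(name, "192.0.2.1", now=0)  # constructed legitimate answers
    n_queries = 5 * CAPACITY
    for i in range(n_queries):
        now = i * burst_duration / n_queries      # queries spread evenly over the burst
        cache.insert(f"{rng.getrandbits(64):x}.some.domain", None, now)
    return sum(1 for n in legit if cache.lookup(n, now=burst_duration) is not None)


if __name__ == "__main__":
    print("drop-oldest, 60 s burst:", simulate(False, 60))
    print("expire-first, instant burst:", simulate(True, 0))
    print("expire-first, 60 s burst:", simulate(True, 60))
```

With plain drop-oldest every legitimate entry is pushed out, and so is it when the burst is instantaneous even with expiry-first purging, since nothing has had time to expire; only when the burst is slower than the negative TTL does the short TTL save the cache, which is the trade-off between queue size and expiration time the mail points at.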
Current thread:
- DNS PTR surveying D. J. Bernstein (Oct 01)
- Re: DNS PTR surveying antirez (Oct 03)
- Re: DNS PTR surveying a007 (Oct 08)
- Re: DNS PTR surveying antirez (Oct 03)