> From: Denis Laventure <denis_lavent...@uqac.ca>

> > Subject: RE: I'm having thousands of queries a domain isc.org and this
> > increases my cpu percentage to 100%. That may be happening and how I
> > can control this? is an attack? attachment of the log I made an update to
> > version 9.9.2-P2 as recommended but still continuo

> I'm having the same problem but for those domains...
>
>    hao.360.cn.
> ...

> 15-Apr-2013 15:00:08.485 security: info: client 117.21.187.20#52538: view external: query (cache) 'hao.360.cn/A/IN' denied

The IP address mentioned in the previous mail message does not seem
to be an open recursive resolver.  That and the reference to 9.9.2-P2
suggest that RRL would be a good fit and might save CPU cycles.

I don't know whether this DNS server is recursive or authoritative,
but that log entry suggests at least "closed".  If it is closed or
authoritative, then RRL in the "external" view would automatically
save CPU cycles and bandwidth that would otherwise be spent sending
those REFUSED responses.

By far the best solution for an open recursive server being hammered
(or not yet being hammered) is to close it.  If you can't close it
and can't afford the fancy defenses of commercial open recursive
servers such as
https://developers.google.com/speed/public-dns/docs/security#rate_limit
RRL is a lot better than no defense.  The reason RRL is not recommended
for recursive servers is because RRL can slow down browsers, SMTP servers
(mail receivers), and other applications that repeat DNS requests.

See http://www.redbarn.org/dns/ratelimits


Vernon Schryver    v...@rhyolite.com
_______________________________________________

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

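The point Vernon makes in the message above is that, on a closed server, the REFUSED responses to those denied cache queries are exactly what RRL suppresses, and that error responses are limited per client block regardless of the name asked for. The script below is an added example, not code from the thread or from ISC: it replays BIND "query (cache) ... denied" log lines of the kind quoted above through a simplified model of RRL's credit buckets and reports how many responses would be sent, dropped, or "slipped" (sent truncated so a real resolver can retry over TCP). The model's parameters are named after the `rate-limit {}` options they stand in for (`responses-per-second`, `errors-per-second`, `window`, `slip`, `ipv4-prefix-length`); the refill and debt accounting is a simplification of BIND's and is labelled as such in the code. The sample log is constructed, modelled on the one line quoted in the thread. Note that in the 9.9.2 series RRL was the patch linked above from redbarn.org; it became a build option in 9.9.4 and standard from BIND 9.10.

```python
"""Replay BIND 'denied' query-log lines through a simplified RRL model.

Added example for the bind-users thread on REFUSED floods; not ISC code.
Assumption: the bucket model mirrors the shape of RRL (per-client-block
credits, errors bucketed without regard to qname, slip every N-th limited
response), not ISC's exact accounting.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime
from ipaddress import ip_network

# A line BIND's security category logs when a client outside
# allow-recursion / allow-query-cache asks for a cached answer.
LOG_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d{3} "
    r"security: info: client (?P<ip>[^#\s]+)#\d+: view (?P<view>[^:]+): "
    r"query \(cache\) '(?P<qname>[^/']+)/(?P<qtype>[^/']+)/IN' denied$"
)
EPOCH = datetime(1970, 1, 1)


def parse_line(line):
    """Return an event dict for a denied-query line, or None otherwise."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
    return {"t": int((ts - EPOCH).total_seconds()), "ip": m["ip"],
            "view": m["view"], "qname": m["qname"].lower(),
            "qtype": m["qtype"], "rcode": "REFUSED"}  # denied => REFUSED


class RateLimiter:
    """Simplified RRL credit buckets; parameter names follow rate-limit {}."""

    def __init__(self, responses_per_second=5, errors_per_second=None,
                 window=5, slip=2, ipv4_prefix_length=24):
        self.rps = responses_per_second
        self.eps = errors_per_second if errors_per_second is not None else responses_per_second
        self.window, self.slip, self.prefix_len = window, slip, ipv4_prefix_length
        self.buckets = {}               # key -> [balance, last_seen_t]
        self.limited = defaultdict(int)  # key -> limited responses so far

    def key_for(self, ev):
        block = str(ip_network(f"{ev['ip']}/{self.prefix_len}", strict=False))
        if ev["rcode"] == "NOERROR":
            # successful answers: one bucket per (client block, name, type)
            return (block, ev["qname"], ev["qtype"]), self.rps
        # errors such as REFUSED: one bucket per client block, any name,
        # which is why RRL pays off on a closed server that only says REFUSED
        return (block, "<error>"), self.eps

    def decide(self, ev):
        key, limit = self.key_for(ev)
        balance, last = self.buckets.get(key, (limit, ev["t"]))
        # refill `limit` credits per elapsed second, never above one second's worth
        balance = min(balance + (ev["t"] - last) * limit, limit)
        if balance > 0:
            self.buckets[key] = [balance - 1, ev["t"]]
            return "send"
        # in debt: clamp so a flood cannot penalise the block beyond `window` seconds
        self.buckets[key] = [max(balance - 1, -limit * self.window), ev["t"]]
        self.limited[key] += 1
        return "slip" if self.slip and self.limited[key] % self.slip == 0 else "drop"


def replay(lines, limiter):
    """Run log lines through the limiter and summarise what would happen."""
    outcomes, clients, names, skipped = Counter(), Counter(), Counter(), 0
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            skipped += 1
            continue
        outcomes[limiter.decide(ev)] += 1
        clients[ev["ip"]] += 1
        names[ev["qname"]] += 1
    return {"events": sum(outcomes.values()), "skipped": skipped,
            "sent": outcomes["send"], "dropped": outcomes["drop"],
            "slipped": outcomes["slip"], "top_clients": clients.most_common(3),
            "top_names": names.most_common(3)}


# Constructed sample: one /24 hammering hao.360.cn within a second, a second
# host in the same /24 a second later, and an unrelated client asking twice,
# 12 s apart. The last line is a non-matching log line to show it is skipped.
LINE = "15-Apr-2013 15:00:%02d.%03d security: info: client %s#%d: view external: query (cache) '%s' denied"
SAMPLE_LOG = (
    [LINE % (8, i * 10, "117.21.187.20", 52538 + i, "hao.360.cn/A/IN") for i in range(12)]
    + [LINE % (8, 500, "203.0.113.5", 5353, "isc.org/A/IN"),
       LINE % (9, 100, "117.21.187.77", 40001, "hao.360.cn/A/IN"),
       LINE % (9, 200, "117.21.187.77", 40002, "www.360.cn/AAAA/IN"),
       LINE % (20, 0, "203.0.113.5", 5354, "isc.org/MX/IN"),
       "15-Apr-2013 15:00:21.000 general: info: zone example.com/IN: loaded serial 2013041501"]
)

if __name__ == "__main__":
    limiter = RateLimiter(responses_per_second=5, errors_per_second=2, window=5, slip=2)
    for k, v in replay(SAMPLE_LOG, limiter).items():
        print(f"{k}: {v}")
```

With `errors_per_second=2` the hammering /24 gets two REFUSED responses per second and the remaining twelve of its fourteen queries are dropped or slipped, while the unrelated client, whose two queries are 12 s apart, is never touched; that asymmetry is what makes RRL safe on a closed or authoritative server and risky on an open recursive one, where a busy legitimate stub resolver behind one address looks the same as the flood. Point the script at a real `security` log (one line per list element) to see which source blocks would be limited before turning `log-only` off.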