On 16/04/13 14:28, Denis Laventure wrote:
Instead of blocking the sources (which aren't even real - they're
spoofed), why not just block access to your recursive resolver on port 53?

I need my DNS server to resolve for my authoritative domain. I have 30+ domains 
here; I can't block access to port 53.

(replying on-list for posterity)

Ah, it's a shared auth/recursive. In which case that's probably the best you can do. Just be aware these IPs are probably spoofed - they are the victims - so you should have some process to expire them over time.

FWIW this is one reason not to mix auth/recursive on the same server; it tempts you to use the same IP.
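
One way to implement the expiry process mentioned above, as an added example that is not part of the original thread. It assumes the blocks are tracked per source IP with a fixed lifetime; the class name, the 600-second TTL and the documentation-range addresses are constructed for illustration, and the list returned by `expire()` is what you would then remove from whatever packet filter holds the blocks.

```python
import ipaddress
import time


class ExpiringBlocklist:
    """Source-IP blocklist whose entries lapse unless the address offends again."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self._expiry = {}  # ip_address object -> epoch seconds when the block lapses

    def block(self, ip, now=None):
        """Add or refresh a block; returns True if the address was not already listed."""
        now = time.time() if now is None else now
        addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
        is_new = addr not in self._expiry
        self._expiry[addr] = now + self.ttl
        return is_new

    def is_blocked(self, ip, now=None):
        now = time.time() if now is None else now
        expiry = self._expiry.get(ipaddress.ip_address(ip))
        return expiry is not None and expiry > now

    def expire(self, now=None):
        """Drop lapsed entries; returns the addresses to unblock, as strings."""
        now = time.time() if now is None else now
        lapsed = [a for a, t in self._expiry.items() if t <= now]
        # Sort by (IP version, numeric value) so mixed v4/v6 lists stay comparable.
        lapsed.sort(key=lambda a: (a.version, int(a)))
        for addr in lapsed:
            del self._expiry[addr]
        return [str(a) for a in lapsed]


def demo():
    """Constructed timeline: two blocked sources, one of which is seen again."""
    bl = ExpiringBlocklist(ttl_seconds=600)
    bl.block("192.0.2.10", now=0)
    bl.block("198.51.100.7", now=0)
    bl.block("192.0.2.10", now=500)      # seen again, so its block is extended
    first = bl.expire(now=700)           # only the source that went quiet lapses
    still = bl.is_blocked("192.0.2.10", now=700)
    second = bl.expire(now=1100)
    return first, still, second


if __name__ == "__main__":
    print(demo())
```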