At 8:45 AM +0800 2005-05-18, Joe Shen wrote:
I'm sorry if this is JUST to BIND or some other
specific software. But, IMHO this is just a sample
that requests which only generate NXDOMAIN responds.
Do a DNS query for
slartibartfastisacharacterinamoviewrittenbydouglasadamsthathasnotgottenverygoo
Paul,
I'm sorry if this is JUST to BIND or some other
specific software. But, IMHO this is just a sample
that requests which only generate NXDOMAIN responds.
According to someone's presentation on NANOG ("DNS
anomailies and their impact on DNS Cache Server" ),
such record may be type of attack.
[EMAIL PROTECTED] (Joe Shen) writes:
> I'm using BIND9.2.5 & BIND9.3.1 on two Solaris box,
> each box has two CPUs installed. it's found BIND8.4.6
> running on one CPU could reach the throughput of
> BIND9.*.* running on two CPUs.
>
> Could we improve server throughput or lower lower the
> effe
Sorry to attach the "rndc stats" result.
I run "rndc stats" continuously( interval is less than
2 seconds), it's shown:
success 17950622
referral 225680
nxrrset 1691861
nxdomain 11203490
recursion 3648017
failure 1363923
...
--- Statistics Dump --- (1116319437)
+++ Statistic
Sorry to attach the "rndc stats" result.
I run "rndc stats" continuously( interval is less than
2 seconds), it's shown:
success 17950622
referral 225680
nxrrset 1691861
nxdomain 11203490
recursion 3648017
failure 1363923
...
--- Statistics Dump --- (1116319437)
+++ Statistic
Hi,
thanks for your help.
I noticed that the requests of those non-exist domain
name disappeared yesterday. But the NXDOMAIN record in
named.stats keep increasing. ( see attachment)
I'm using BIND9.2.5 & BIND9.3.1 on two Solaris box,
each box has two CPUs installed. it's found BIND8.4.6
running
Tunneling IP over DNS - Dan Kaminsky's ozymandns project.
One source of really strange DNS packets I've seen is Dan Kaminsky's
experiments with tunneling IP over DNS , which he presented at
Codecon, Defcon, and other places. Dan has often done Really Twisted
Things With Packets, and once you've
At 11:26 AM -0400 2005-05-12, [EMAIL PROTECTED] wrote:
It's often suggested that you have *two* DNS setups - one that only answers
requests from inside for recursion and caching, and an authoritative one that
faces out and refuses to recurse.
The original question from Joe Shen said that a remo
On Thu, 12 May 2005 16:43:07 +0200, Brad Knowles said:
> At 12:41 PM +0400 2005-05-12, Gadi Evron quoted Joe Shen:
> > I'd suggest dropping requests for domains you don't hold.
> That's kind of hard to do if you're running a recursive/caching
> nameserver.
Well.. are you running a recursiv
At 12:41 PM +0400 2005-05-12, Gadi Evron quoted Joe Shen:
How could such request be filtered or minimize its
affaction on DNS server?
Either this is a DDoS (woohoo!! I used the forbidden word) or you are
seeing a botnet trying to connect and putting in some smoke-screen while
at it to try and
Joe Shen wrote:
> Hi,
>
> In past days I noticed the nxdomain statistics in
> named.stats keeps increasing.( I run it every 5 min)
>
> By tcpdump, it's found a remote computer keep asking
> address for record like
> 999d38e693b9e6293b450.0existence.com,
> 60d38e693b9e6293b450.0be6c1xfa.net.
>
On 5/12/05, Joe Shen <[EMAIL PROTECTED]> wrote:
> By tcpdump, it's found a remote computer keep asking
> address for record like
> 999d38e693b9e6293b450.0existence.com,
> 60d38e693b9e6293b450.0be6c1xfa.net.
>
> is that a virus affacted computer?
Sure looks like some kind of massmailer trojan, or
Hi,
In past days I noticed the nxdomain statistics in
named.stats keeps increasing.( I run it every 5 min)
By tcpdump, it's found a remote computer keep asking
address for record like
999d38e693b9e6293b450.0existence.com,
60d38e693b9e6293b450.0be6c1xfa.net.
is that a virus affacted computer?
13 matches
Mail list logo