I'm curious as to whether this is a DoS scenario for unbound: looking at my requestlist, I see:
~# unbound-control dump_requestlist | egrep '(trassae95.com|kizilyagoda.com)' 14 AAAA IN ns1.trassae95.com. - iterator wait for (empty_list) 19 AAAA IN ns1.kizilyagoda.com. - iterator wait for (empty_list) 30 AAAA IN ns2.trassae95.com. - iterator wait for 200.65.141.192 37 AAAA IN ns2.kizilyagoda.com. - iterator wait for 201.172.22.103 44 AAAA IN ns3.trassae95.com. - iterator wait for (empty_list) 46 AAAA IN ns3.kizilyagoda.com. - iterator wait for (empty_list) 50 AAAA IN ns4.trassae95.com. - iterator wait for (empty_list) 52 AAAA IN ns4.kizilyagoda.com. - iterator wait for (empty_list) 102 A IN bihjgiajc.kizilyagoda.com. 24.987797 iterator wait for (empty_list) 105 A IN bcdbciidgb.kizilyagoda.com. 5.753630 iterator wait for 121.94.2.105 106 A IN bigggjhdaj.kizilyagoda.com. 36.242830 iterator wait for (empty_list) 107 A IN cefbhcbfej.kizilyagoda.com. 18.705449 iterator wait for (empty_list) 108 A IN cibdhgghee.trassae95.com. 46.999489 iterator wait for (empty_list) 153 MX IN bidfgcgcb.trassae95.com. 43.033308 iterator wait for (empty_list) 154 MX IN eijcecafg.kizilyagoda.com. 14.677905 iterator wait for (empty_list) 156 MX IN jiheheceb.kizilyagoda.com. 23.593555 iterator wait for (empty_list) 159 MX IN bafcebjjfd.trassae95.com. 56.225519 iterator wait for (empty_list) 160 MX IN bbjbhegbdd.trassae95.com. 6.782797 iterator wait for 201.173.217.27 161 MX IN beehifddij.trassae95.com. 32.657037 iterator wait for (empty_list) 163 MX IN chgeecgjei.trassae95.com. 42.891975 iterator wait for (empty_list) 164 MX IN chggafffeg.trassae95.com. 57.039805 iterator wait for (empty_list) 165 MX IN cibdhgghee.trassae95.com. 29.959160 iterator wait for (empty_list) 166 MX IN cjcfdgahdd.kizilyagoda.com. 42.532783 iterator wait for (empty_list) 167 MX IN dbibddegca.kizilyagoda.com. 24.534594 iterator wait for (empty_list) 168 MX IN ddidejiidj.trassae95.com. 17.606406 iterator wait for (empty_list) 169 MX IN dhcfgjahdg.trassae95.com. 14.205446 iterator wait for (empty_list) 210 AAAA IN dbjajadij.kizilyagoda.com. 18.589665 iterator wait for (empty_list) 211 AAAA IN effjgciba.kizilyagoda.com. 10.629990 iterator wait for 201.172.22.103 212 AAAA IN bcdbciidgb.kizilyagoda.com. 23.751077 iterator wait for (empty_list) 213 AAAA IN bcjgdedhgf.kizilyagoda.com. 49.471699 iterator wait for (empty_list) 227 ANY IN daebjfbif.trassae95.com. 37.545012 iterator wait for (empty_list) 228 ANY IN fggjjijag.trassae95.com. 1.158926 iterator wait for 76.17.135.60 229 ANY IN hehfbadjf.trassae95.com. 58.035129 iterator wait for (empty_list) 230 ANY IN jjfhbaadd.trassae95.com. 16.369137 iterator wait for (empty_list) 231 ANY IN dbcigchgee.kizilyagoda.com. 26.548473 iterator wait for (empty_list) 232 ANY IN deeehjifcg.trassae95.com. 56.486064 iterator wait for (empty_list) 233 ANY IN djdijbiabc.trassae95.com. 13.935859 iterator wait for (empty_list) 234 ANY IN ebhdhfbijh.kizilyagoda.com. 30.264298 iterator wait for (empty_list) 235 ANY IN ecciiidfib.trassae95.com. 47.413911 iterator wait for (empty_list) 236 ANY IN ecgbhaabic.trassae95.com. 8.157523 iterator wait for 200.65.141.192 looking at actual traffic shows: 10:40:49.888111 IP a.b.c.d.60389 > 121.94.2.105.53: 64660 MX? eccjahaace.kizilyagoda.com. (44) 10:40:49.889058 IP a.b.c.d.39768 > 201.172.22.103.53: 46921 AAAA? beafbbggag.kizilyagoda.com. (44) 10:40:49.938592 IP a.b.c.d.12451 > 201.172.22.103.53: 38084 MX? bcahcieedg.kizilyagoda.com. (44) 10:40:50.076585 IP e.f.g.h.33264 > n.s.n.s.53: 10782+ MX? eccjahaace.kizilyagoda.com. (44) 10:40:50.076743 IP a.b.c.d.4904 > 121.94.2.105.53: 48147 MX? eccjahaace.kizilyagoda.com. (44) 10:40:50.091747 IP a.b.c.d.34322 > 41.140.225.74.53: 33096 ANY? cbgdhefegh.kizilyagoda.com. (44) 10:40:50.145489 IP a.b.c.d.16663 > 200.65.141.192.53: 2701% AAAA? ns2.trassae95.com. (35) 10:40:50.146577 IP a.b.c.d.28988 > 41.140.225.74.53: 31688 ANY? dahgabajea.kizilyagoda.com. (44) 10:40:50.152974 IP a.b.c.d.38972 > 97.93.83.32.53: 39798% AAAA? ns2.kizilyagoda.com. (37) 10:40:50.191253 IP a.b.c.d.41846 > 201.172.22.103.53: 33606 MX? ceehjahebd.kizilyagoda.com. (44) 10:40:50.199559 IP a.b.c.d.21348 > 41.140.225.74.53: 16574 MX? jgbiehbdf.kizilyagoda.com. (43) 10:40:50.223359 IP a.b.c.d.52152 > 201.172.22.103.53: 52049 A? djjbafbifh.kizilyagoda.com. (44) 10:40:50.290392 IP a.b.c.d.63374 > 41.140.225.74.53: 3752 MX? daefiegdi.kizilyagoda.com. (43) 10:40:50.313030 IP a.b.c.d.30161 > 121.94.2.105.53: 56993 AAAA? daefiegdi.kizilyagoda.com. (43) 10:40:50.319424 IP a.b.c.d.6357 > 121.94.2.105.53: 14855 A? ehbdcdddh.kizilyagoda.com. (43) 10:40:50.381734 IP a.b.c.d.7965 > 200.65.141.192.53: 8121% AAAA? ns2.trassae95.com. (35) 10:40:50.441657 IP a.b.c.d.46522 > 192.41.162.30.53: 33130% [1au] AAAA? ns2.kizilyagoda.com. (48) 10:40:50.445861 IP a.b.c.d.61172 > 76.17.135.60.53: 29773 MX? bdbdiaicag.trassae95.com. (42) 5 minutes later, my requestlist looks like this: ~# unbound-control dump_requestlist | egrep '(trassae95.com|kizilyagoda.com)' 17 AAAA IN ns1.trassae95.com. - iterator wait for (empty_list) 31 AAAA IN ns2.trassae95.com. - iterator wait for 85.87.67.158 35 AAAA IN ns2.kizilyagoda.com. - iterator wait for 97.93.83.32 44 AAAA IN ns3.trassae95.com. - iterator wait for (empty_list) 52 AAAA IN ns4.trassae95.com. - iterator wait for (empty_list) 109 A IN chaiigdgij.kizilyagoda.com. 2.938054 iterator wait for 121.94.2.105 110 A IN dfgegjgheb.trassae95.com. 33.070671 iterator wait for (empty_list) 121 NS IN trassae95.com. 29.149289 iterator wait for (empty_list) 142 MX IN daefiegdi.kizilyagoda.com. 1.451479 iterator wait for 121.94.2.105 143 MX IN eajheadji.trassae95.com. 56.069476 iterator wait for (empty_list) 145 MX IN bfigbabiej.trassae95.com. 1.128736 iterator wait for 76.17.135.60 146 MX IN bicejjaaha.trassae95.com. 56.627532 iterator wait for (empty_list) 148 MX IN cgfahaehff.trassae95.com. 28.788023 iterator wait for (empty_list) 150 MX IN cgjghfbibg.kizilyagoda.com. 7.776240 iterator wait for 97.93.83.32 151 MX IN chifiabbga.trassae95.com. 74.762737 iterator wait for (empty_list) 152 MX IN cibdhgghee.trassae95.com. 49.946996 iterator wait for (empty_list) 153 MX IN ddcajcbbid.trassae95.com. 92.546959 iterator wait for (empty_list) 155 MX IN djhhifdfdf.trassae95.com. 51.565734 iterator wait for (empty_list) 171 AAAA IN ns2.trassae95.com. 171.901942 iterator wait for (empty_list) 172 AAAA IN ns2.kizilyagoda.com. 173.880025 iterator wait for 97.93.83.32 199 ANY IN bacfddaec.trassae95.com. 62.756320 iterator wait for (empty_list) 200 ANY IN bidfgcgcb.trassae95.com. 20.974421 iterator wait for (empty_list) 201 ANY IN fhhghbdgj.trassae95.com. 22.437517 iterator wait for (empty_list) 202 ANY IN fidhefgef.trassae95.com. 81.784578 iterator wait for (empty_list) 204 ANY IN iicghjjbh.trassae95.com. 80.217386 iterator wait for (empty_list) 205 ANY IN baciichfaf.trassae95.com. 97.818403 iterator wait for (empty_list) 206 ANY IN bcdhcbhdhd.trassae95.com. 36.057696 iterator wait for (empty_list) 207 ANY IN bdfjccbfid.trassae95.com. 83.410361 iterator wait for (empty_list) 208 ANY IN beigaechai.trassae95.com. 39.789720 iterator wait for (empty_list) 209 ANY IN bfjdaegcbh.trassae95.com. 70.373285 iterator wait for (empty_list) 210 ANY IN bggjedjgaj.trassae95.com. 83.499413 iterator wait for (empty_list) 211 ANY IN bhjefajcfh.trassae95.com. 59.355704 iterator wait for (empty_list) 212 ANY IN caggfacejc.trassae95.com. 12.913211 iterator wait for 85.87.67.158 213 ANY IN cccefhebda.trassae95.com. 87.274155 iterator wait for (empty_list) 214 ANY IN chcaicdbch.trassae95.com. 31.757918 iterator wait for (empty_list) 215 ANY IN cibddgcfcf.kizilyagoda.com. 3.366306 iterator wait for 41.140.225.74 216 ANY IN cibhijiebi.trassae95.com. 24.905496 iterator wait for (empty_list) 217 ANY IN ciejfeggcb.trassae95.com. 97.829665 iterator wait for (empty_list) 218 ANY IN cjecdegihh.trassae95.com. 80.917676 iterator wait for (empty_list) 219 ANY IN cjfecbjaic.kizilyagoda.com. 5.613406 iterator wait for 121.94.2.105 221 ANY IN dbbgceigfd.trassae95.com. 19.365606 iterator wait for (empty_list) 222 ANY IN ddhehjafii.trassae95.com. 10.641170 iterator wait for 85.87.67.158 223 ANY IN decachgfhe.trassae95.com. 26.143278 iterator wait for (empty_list) 224 ANY IN dhjcjijcgd.trassae95.com. 41.855551 iterator wait for (empty_list) 225 ANY IN diifjhdiff.trassae95.com. 86.451828 iterator wait for (empty_list) 226 ANY IN djefjhaadc.trassae95.com. 35.928452 iterator wait for (empty_list) 227 ANY IN ecfdabgfea.trassae95.com. 105.531254 iterator wait for (empty_list) Could this (with enough zombies) explain a sudden rise in waiting/dropped requests? Is there anything I can do to protect unbound against this? Kind regards, Felix -- Felix Schüren Head of Network ----------------------------------------------------------------------- Host Europe GmbH - http://www.hosteurope.de Welserstraße 14 - 51149 Köln - Germany Telefon: 0800 467 8387 - Fax: +49 180 5 66 3233 (*) HRB 28495 Amtsgericht Köln - USt-IdNr.: DE187370678 Geschäftsführer: Uwe Braun - Alex Collins - Mark Joseph - Patrick Pulvermüller (*) 0,14 EUR/Min. aus dem dt. Festnetz; maximal 0,42 EUR/Min. aus den dt. Mobilfunknetzen _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
