Named requests filling up T1
Simon 'corecode' Schubert
corecode at fs.ei.tum.de
Tue Jan 17 05:14:04 PST 2006
Steve Suhre wrote:
> Thanks, I think that's what I was looking for. I expect the "ISP" is in
> another country somewhere and would be hard to reach, if they could be
> reached at all. And it's probably a bad reference somewhere to the
> server here, so shutting of recursive queries could help... If I shut
> named off for an hour or two they go away, so I'm guessing the offending
> server switches to the secondary and gets what it's looking for?
In any case you should only allow recursive queries for your trusted
clients and/or downstream nameservers which forward to you.
Otherwise
a) you produce outgoing traffic when some stranger wants to
b) your dns cache can easily be poisoned because of a)
cheers
simon
--
Serve - BSD +++ RENT this banner advert +++ ASCII Ribbon /"\
Work - Mac +++ space for low €€€ NOW!1 +++ Campaign \ /
Party Enjoy Relax | http://dragonflybsd.org Against HTML \
Dude 2c 2 the max ! http://golden-apple.biz Mail + News / \
More information about the freebsd-hackers
mailing list