discuss AT lists.opennicproject.org
Subject: Discuss mailing list
List archive
- From: Jeff Taylor <shdwdrgn AT sourpuss.net>
- To: discuss AT lists.opennicproject.org
- Subject: Re: [opennic-discuss] Sharp increase in DNS traffic.
- Date: Sun, 19 Jun 2011 20:28:25 -0600
- List-archive: <http://lists.darkdna.net/pipermail/discuss>
- List-id: <discuss.lists.opennicproject.org>
We've had some small bits of discussion on IRC over the weekend regarding a flood of MX queries that result in errors. If you do any sort of logging on your server, see if you can pick out any trends.
One known issue to check for that might account for your sudden activity... check to see if you have large blocks of DNS activity that all come in on port 25345 and are looking for isc.org. If you are seeing this, someone is trying to use your server in an attempt to DDOS the creators of BIND (don't ask why, nobody has been able to figure that out)... I have a bash script you can run in the background that will automatically add and expire iptables rules to control the flow, however it requires that you have a log file showing the offending IP addresses. Send me an email or catch me on IRC if you need to use this.
On 06/19/2011 06:11 PM, mike wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Any other ops noticing a sharp increase in DNS traffic since late
yesterday or so?
I don't keep any logs, so I can't give a detailed report, but 'named'
CPU usage has climbed significantly along with UDP traffic on port 53.
I'm just trying to estimate if this is a trend or if this is a once-time
event of some sort. If it's a trend then I probably need to start
budgeting for some hardware upgrades at some point, my DNS is running
only on a single core, 32-bit 2GHz CPU @ 1.5 GB RAM. I've got plenty of
RAM, but 'named' since perhaps around midnight last night has the CPU
pegged at 45-55%.
- --Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJN/pAzAAoJEEzVYN3s3Af756UH/jFFzka/me9wTgGoLqaOvPYe
tw38BQ0pNM3CM3gS6VGrQkQhKm5zXhC4VIOcGrRTYjLRD8KGkgJHrH6TuHRNGTHG
5J1eJSnUtwLXmCzSH4gU088L1uAuNcXSQnAqzubpItLcyc2TANU6o7OHhEtuSE/q
tmAQvT2ikeQR9v5OUlIabsaq7zj2OWv41FjDU5MTo9dQ/aftMBx6/r9LH01aBnEl
1gKilUnYO6maxKo32oHioKiYOzPF5+TIYWhZWUk8wzxeovCT0vBu6t6WSPajxJpH
kEHwoQA8tse8A+BsdorQenzhNuUyAxkoCamfDeKm1AL16lk+e9IDg77ApTEm1rg=
=ioyy
-----END PGP SIGNATURE-----
_______________________________________________
discuss mailing list
discuss AT lists.opennicproject.org
http://lists.darkdna.net/mailman/listinfo/discuss
- [opennic-discuss] [NS0] Extended downtime, Julian DeMarchi, 06/13/2011
- Re: [opennic-discuss] [NS0] Extended downtime, Julian DeMarchi, 06/13/2011
- Re: [opennic-discuss] [NS0] Extended downtime, Zach Gibbens, 06/15/2011
- [opennic-discuss] Sharp increase in DNS traffic., mike, 06/19/2011
- Re: [opennic-discuss] Sharp increase in DNS traffic., mike, 06/19/2011
- Re: [opennic-discuss] Sharp increase in DNS traffic., mike, 06/19/2011
- Re: [opennic-discuss] Sharp increase in DNS traffic., mike, 06/19/2011
- Re: [opennic-discuss] Sharp increase in DNS traffic., Jeff Taylor, 06/19/2011
- Re: [opennic-discuss] Sharp increase in DNS traffic., Jeff Taylor, 06/19/2011
- Re: [opennic-discuss] Sharp increase in DNS traffic., mike, 06/19/2011
- Re: [opennic-discuss] Sharp increase in DNS traffic., mike, 06/19/2011
- [opennic-discuss] Sharp increase in DNS traffic., mike, 06/19/2011
- Re: [opennic-discuss] [NS0] Extended downtime, Zach Gibbens, 06/15/2011
- Re: [opennic-discuss] [NS0] Extended downtime, Julian DeMarchi, 06/13/2011
Archive powered by MHonArc 2.6.19.