<div dir="ltr">Hi Bert,<div><br></div><div>We have use CentOS 6.4 64-bit and install pdns-recursor 3.5.3-1 from monshouwer repository. now we have not face any ddos attack problem. but we want to update it. have we get any update via repo.</div>
<div><br></div><div>regards,</div><div><br></div><div>Murad</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Feb 6, 2014 at 8:53 PM, bert hubert <span dir="ltr"><<a href="mailto:bert.hubert@netherlabs.nl" target="_blank">bert.hubert@netherlabs.nl</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Winfried,<br>
<br>
The updated patch for 3.5.3 can be found on<br>
<a href="https://github.com/Habbie/pdns/commit/e24b124a4c7b49f38ff8bcf6926cd69077d16ad8" target="_blank">https://github.com/Habbie/pdns/commit/e24b124a4c7b49f38ff8bcf6926cd69077d16ad8</a><br>
<br>
I'll update the blog too.<br>
<span class="HOEnZb"><font color="#888888"><br>
Bert<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
On Thu, Feb 06, 2014 at 02:03:49PM +0100, abang wrote:<br>
> Hello Bert,<br>
><br>
> Would you also provide the patch for the current version 3.5.3?<br>
><br>
> Winfried<br>
><br>
> Am 06.02.2014 13:10, schrieb bert hubert:<br>
> >Hi everybody,<br>
> ><br>
> >Over the past week we've been contacted by a few users reporting their<br>
> >PowerDNS Recursor became unresponsive under a moderate denial of service<br>
> >attack, one which PowerDNS should be expected to weather without issues.<br>
> ><br>
> >In the course of investigating this issue, we've found that many PowerDNS<br>
> >installations on Linux are configured to consume (far) more filedescriptors<br>
> >than are actually available, waisting resources.<br>
> ><br>
> >To check if this is the case for you, multiply the 'max-mthreads' setting by<br>
> >the 'threads' setting. Default values are 2048 and 2, leading to a<br>
> >theoretical FD consumption of 4096. Many Linux distributions default to<br>
> >1024. So, our defaults exceed the Linux defaults by a large margin!<br>
> ><br>
> >(FreeBSD defaults are far higher, and should not pose an issue).<br>
> ><br>
> >To fix, there are four options:<br>
> ><br>
> >1) Reduce max-mthreads to 512 (or threads to 1)<br>
> >2) Run 'ulimit -n 4096' before starting (perhaps put this in /etc/init.d/ script)<br>
> >3) Investigate defaults in /etc/limits.conf<br>
> >4) Apply the patch in <a href="https://github.com/PowerDNS/pdns/commit/3a8a4d68735a0465dff9623c49fb6bf45e0850d8" target="_blank">https://github.com/PowerDNS/pdns/commit/3a8a4d68735a0465dff9623c49fb6bf45e0850d8</a><br>
> ><br>
> >The patch automates 1 and 2, either raising the limit if possible, or<br>
> >reducing max-mthreads until "it fits".<br>
> ><br>
> >Thank you for your attention, and if you have results to report to us on<br>
> >previous or current DoS attacks, please contact me privately!<br>
> ><br>
> > Bert<br>
> ><br>
><br>
><br>
<br>
_______________________________________________<br>
</div></div><div class="HOEnZb"><div class="h5">Pdns-announce mailing list<br>
<a href="mailto:Pdns-announce@mailman.powerdns.com">Pdns-announce@mailman.powerdns.com</a><br>
<a href="http://mailman.powerdns.com/mailman/listinfo/pdns-announce" target="_blank">http://mailman.powerdns.com/mailman/listinfo/pdns-announce</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">Asif Murad Khan<div>Cell: +880-1713-114230</div></div>
</div>