<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span style="color: rgb(0, 0, 0); font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt;">Hello,</span><br>
</div>
<div>
<div dir="ltr">
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
We have received a DDoS attack on our PowerDNS infrastructure. </div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
The DNS requests were all non-existing records in 1 single zone.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Eg: </div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
ghz2.mydomain.com</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
cdzx.mydomain.com</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
hh3r.mydomain.com</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
The result was that the SQL backend was overloaded with these queries and caused some of our servers not to respond to legitimate queries.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
See here an example from the SQL log:</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
2021-07-13T14:50:43.459635Z 3061 Reset stmt
<div>2021-07-13T14:50:43.463172Z 3059 Execute SELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and name='gzh1.mydomain.com' and domain_id=1280</div>
<div>2021-07-13T14:50:43.463989Z 3059 Reset stmt</div>
<div>2021-07-13T14:50:43.468001Z 3060 Execute SELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and name='cdzx.mydomain.com' and domain_id=1280</div>
<div>2021-07-13T14:50:43.468822Z 3060 Reset stmt</div>
<div>2021-07-13T14:50:43.471102Z 3061 Execute SELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and name='cvqi.mydomain.com' and domain_id=1280</div>
<div>2021-07-13T14:50:43.472178Z 3061 Reset stmt</div>
<div>2021-07-13T14:50:43.474985Z 3059 Execute SELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and name='hh3r.mydomain.com' and domain_id=1280</div>
<div>2021-07-13T14:50:43.475371Z 3059 Reset stmt</div>
<div>2021-07-13T14:50:43.478971Z 3060 Execute SELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and name='9jv9.mydomain.com' and domain_id=1280</div>
<div>2021-07-13T14:50:43.479399Z 3060 Reset stmt</div>
<div>2021-07-13T14:50:43.483063Z 3061 Execute SELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and name='boxl.mydomain.com' and domain_id=1280</div>
2021-07-13T14:50:43.483457Z 3061 Reset stmt<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
The new zone cache feature is only caching the "domains" table; it's not caching each record in the backend. </div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Is there any way we can ensure that PowerDNS is caching a complete zone in case we encounter a randomly generated DNS attack on our authoritative DNS servers?</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
Thank you,</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span style="color:rgb(0,0,0); font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">David</span><br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
</div>
</div>
</div>
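<div>
Added example, not part of the original message and not PowerDNS code: a detector that reads a MySQL general query log in the format quoted above and flags any domain_id whose record lookups in a time window are almost all distinct names, which is the pattern the message describes. The function names, window size and thresholds are assumptions, and the sample lines are constructed.
</div>
<pre>
```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Record lookups in the general-log shape shown in the message above.
LOOKUP = re.compile(
    r"^(\S+)\s+\d+\s+Execute\s+SELECT .* FROM records WHERE .*"
    r"name='([^']+)' and domain_id=(\d+)")

def parse(line):
    """Return (timestamp, qname, domain_id) for a record lookup, else None."""
    m = LOOKUP.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S.%fZ")
    return ts, m.group(2).lower(), int(m.group(3))

def flag_floods(lines, window=timedelta(seconds=1), min_names=5, min_ratio=0.9):
    """Flag (domain_id, window) buckets where almost every looked-up name is new."""
    buckets = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # "Reset stmt" and unrelated statements
        ts, qname, domain_id = rec
        start = datetime.min + ((ts - datetime.min) // window) * window
        buckets[(domain_id, start)].append(qname)
    alerts = []
    for (domain_id, start), names in sorted(buckets.items()):
        unique = len(set(names))
        # Thresholds are assumptions; tune against normal traffic.
        if unique >= min_names and unique / len(names) >= min_ratio:
            alerts.append({"domain_id": domain_id, "window": start.isoformat(),
                           "lookups": len(names), "unique_names": unique})
    return alerts

# Constructed sample in the same format: six one-off names in domain_id 1280,
# one "Reset stmt" line, and three repeats of one name in a made-up domain_id 7.
Q = ("2021-07-13T14:50:43.%06dZ %d Execute SELECT content,ttl,prio,type,domain_id,"
     "disabled,name,auth FROM records WHERE disabled=0 and name='%s' and domain_id=%d")
SAMPLE = [Q % (463172 + 4000 * i, 3059, n + ".mydomain.com", 1280)
          for i, n in enumerate(["gzh1", "cdzx", "cvqi", "hh3r", "9jv9", "boxl"])]
SAMPLE.append("2021-07-13T14:50:43.459635Z 3061 Reset stmt")
SAMPLE += [Q % (500000 + i, 3062, "www.example.org", 7) for i in range(3)]

if __name__ == "__main__":
    for alert in flag_floods(SAMPLE):
        print(alert)
```
</pre>
<div>
The general query log only shows lookups that reached the SQL backend, so a flagged domain_id is one whose names are not being answered from cache.
</div>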
</body>
</html>