[dnsdist] Many "NS ." requests
Stephane Bortzmeyer
bortzmeyer at nic.fr
Tue Aug 26 14:06:27 UTC 2025
On Tue, Aug 26, 2025 at 02:39:00PM +0200,
Stephane Bortzmeyer via dnsdist <dnsdist at mailman.powerdns.com> wrote
a message of 20 lines which said:
> > My resolver suffers under the many "NS ." requests it receives. I
>
> > topQueries(30)
> 1 . 7906 39.5%
>
> Which is probably not normal.
Other details:
Version of dnsdist:
> showVersion()
dnsdist 2.0.0
The cache <https://www.dnsdist.org/guides/cache.html> is not full:
> getPool(""):getCache():printStats()
Entries: 121594/1000000
Hits: 50055
Misses: 224003
Deferred inserts: 64
Deferred lookups: 13
Lookup Collisions: 11
Insert Collisions: 6
TTL Too Shorts: 0
Cleanup Count: 60
topClients() show many requests from a given subnetwork. Adding
<https://www.dnsdist.org/reference/config.html#addDynamicBlock>:
addDynamicBlock('[CENSORED]:2500::','Too many requests', DNSAction.Refused, 86400, 40)
limits the used bandwidth (as shown by topBandwidth()) but not the CPU
use (almost 100 % most of the time).
More information about the dnsdist
mailing list