[Pdns-users] Apparent DoS
PowerDNS User
pdns-list at phlippers.net
Wed Dec 7 00:52:34 UTC 2005
Hello,
I am a recent convert from BIND and I am quite happy with PowerDNS. Since I
installed pdns about a month ago, however, I have suffered 3 serious crashes
which have brought the server down. A stroll through /var/log/messages
reveals the following:
----------------------------------------------------
Dec 6 15:09:15 as pdns[12924]: Not authoritative for 'z.mpisi.com', sending
servfail to 205.234.158.217 (recursion was desired)
Dec 6 15:09:35 as pdns[12927]: Not authoritative for 'z.mpisi.com', sending
servfail to 205.234.158.217 (recursion was desired)
Dec 6 15:09:55 as pdns[12992]: Not authoritative for 'z.mpisi.com', sending
servfail to 205.234.158.217 (recursion was desired)
Dec 6 15:10:15 as pdns[3936]: Not authoritative for 'z.mpisi.com', sending
servfail to 205.234.158.217 (recursion was desired)
Dec 6 15:10:35 as pdns[12924]: Not authoritative for 'z.mpisi.com', sending
servfail to 205.234.158.217 (recursion was desired)
----------------------------------------------------
The following IP addresses are just a few that have appeared with this
message:
66.225.225.225
69.31.111.2
64.202.110.2
193.27.78.210
66.254.101.30
I have no idea who z.mpisi.com is and I certainly do not have any entries in
my database for them, yet my server is being hit every 20 seconds or so until
there are too many connections and the entire server must be rebooted.
For a month now, every request has been for z.mpisi.com and comes from a
variety of IP addresses. Is there an option somewhere that I can limit the
connections or ignore bad hostnames or something to prevent this again? Could
this be a known worm attacking pdns servers?
Thanks for your help.
- pdnsu
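
Added example, not part of the original message: a Python tally of "Not authoritative ... (recursion was desired)" lines in the format quoted above, grouped by queried name, showing how many distinct sources ask for a name and at what interval. The sample log is constructed from the excerpt, and the function names and the `year` default (syslog lines carry no year) are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in the format of the excerpt above; the mail client
# wrapped each syslog record onto two lines, so records are re-joined first.
SAMPLE = """\
Dec 6 15:09:15 as pdns[12924]: Not authoritative for 'z.mpisi.com', sending
servfail to 205.234.158.217 (recursion was desired)
Dec 6 15:09:35 as pdns[12927]: Not authoritative for 'z.mpisi.com', sending
servfail to 205.234.158.217 (recursion was desired)
Dec 6 15:09:55 as pdns[12992]: Not authoritative for 'Z.MPISI.COM.', sending
servfail to 66.225.225.225 (recursion was desired)
"""

STAMP = re.compile(r"^\w{3}\s+\d+ \d\d:\d\d:\d\d ")
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ pdns\[\d+\]: "
    r"Not authoritative for '(?P<qname>[^']+)', sending\s+servfail to "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) \(recursion was desired\)$"
)

def rejoin(text):
    """Merge continuation lines (no leading syslog timestamp) into one record."""
    records = []
    for line in filter(str.strip, text.splitlines()):
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def summarize(text, year=2005):
    """Per queried name: hit count, set of sources, seconds between hits."""
    hits, sources, times = Counter(), defaultdict(set), defaultdict(list)
    for rec in rejoin(text):
        m = LINE.match(rec)
        if not m:
            continue
        q = m["qname"].lower().rstrip(".")  # DNS names are case-insensitive
        hits[q] += 1
        sources[q].add(m["src"])
        times[q].append(datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"))
    gaps = {q: [int((b - a).total_seconds()) for a, b in zip(t, t[1:])]
            for q, t in times.items()}
    return hits, sources, gaps

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A single name requested at a fixed interval by many unrelated sources points to automated recursive lookups rather than ordinary client traffic.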