[Pdns-users] Possible DNS DOS?

bert hubert bert.hubert at netherlabs.nl
Tue Jun 23 05:47:59 UTC 2009


On Tue, Jun 23, 2009 at 12:27 AM, Chris Modesitt<chris at veracitycom.net> wrote:
> What I have been seeing recently show up in the logs is:
> Jun 22 09:09:38 dns1 pdns[10948]: 5003 questions waiting for database
> attention. Limit is 5000, respawning

This is very consistent with a (brief) spike in queries.


> Jun 22 09:09:41 dns1 pdns[10957]: Got a signal 11, attempting to print
> trace:
>
> Jun 22 09:09:41 dns1 pdns[10957]: /usr/sbin/pdns_server-instance [0x80ba397]
>
> Jun 22 09:09:41 dns1 pdns[10957]: [0xb7f83400]
>
> Jun 22 09:09:41 dns1 pdns[10957]:
> /usr/sbin/pdns_server-instance(_ZN5boost11multi_index6detail13ordered_indexINS0_13composite_keyIN11PacketCache10CacheEntryENS0_6memberIS5_SsXadL_ZNS5_5qnameEEEEENS6_IS5_tXadL_

This is the second message in two days reporting a crash in this
place. Something interesting must be going on there, will look into
it.

> After this entry PDNS is down and stays down.

If you see this happening again, can you check if all PowerDNS
processes are gone, or if one is 'hanging around', preventing a
restart?

> So a couple of questions for the group, I already have a wire shark up doing
> a long term capture (so I can see what is being sent at the server).
> However is there a way PDNS can email/notify when it dies and does not come
> back?  Also what type of information/logging should I be enabling the system
> to further diagnose or troubleshoot the issue?

Other messages had good suggestions, in general I'd advise to run
monitoring tools that provide graphs of query rates.

Another trick is to run PowerDNS like this:
# while true; do pdns_server --daemon=no ; done

But this really should not be necessary of course. I'm looking into the crash.

    Bert



More information about the Pdns-users mailing list