[Pdns-users] DDOS prevents pdns-recursor from responding regular queries
bert.hubert at netherlabs.nl
Wed Feb 5 20:37:44 UTC 2014
On Wed, Feb 05, 2014 at 09:30:40PM +0100, Rygl Aleš wrote:
> 0.049862 188.8.131.52 -> a.b.c.d DNS Standard query A nbpqrfthvwxyz.aa.cp375.com
> 0.049872 184.108.40.206 -> a.b.c.d DNS Standard query A nbpqrfthvwxyz.aa.cp375.com
> There are random hostnames generated and the domain seemed to be existing at the time of the attack. The recursor was answering "Server
> Failure". Normally we have about 100 concurrent queries running but when this happened we had about 1000 in peaks about 2000. There is
> a pcap file of the traffic during the attack available (100kpkts). Due to random hostnames the caches were ineffective.
An important thing to note is that if you increase mthreads to 4096, you
also need to make sure you have sufficient file descriptors or PowerDNS will
indeed start sending out servfails.
Can you check how many you have available?
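
One way to run the check asked for above on a Linux host, as an added example that is not part of the original message or of PowerDNS itself. It reads the soft "Max open files" limit of a running process from /proc and compares it with an estimate of the descriptors needed; the estimate (one outgoing socket per mthread per worker thread plus a headroom of 25), the function names and the sample limits text are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of /proc/<pid>/limits content (not taken from the thread).
SAMPLE_LIMITS='Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max open files            1024                 4096                 files
Max locked memory         65536                65536                bytes'

# Print the soft "Max open files" value from limits text read on stdin.
soft_nofile() {
    awk '/^Max open files/ { print $4; exit }'
}

# fds_needed MTHREADS THREADS
# Assumption: each mthread in each worker thread may hold one outgoing socket,
# plus 25 descriptors of headroom for listeners, logs and control sockets.
fds_needed() {
    echo $(( $1 * $2 + 25 ))
}

# fd_check MTHREADS THREADS SOFT_LIMIT
# Returns 0 when the limit covers the estimate, 1 when it does not.
fd_check() {
    need=$(fds_needed "$1" "$2")
    if [ "$3" = "unlimited" ] || [ "$3" -ge "$need" ]; then
        echo "ok: limit $3 covers $need descriptors"
        return 0
    fi
    echo "too low: limit $3 is below $need descriptors"
    return 1
}

# check_pid PID MTHREADS THREADS
# Live check against a running process, e.g. the recursor's PID.
check_pid() {
    [ -r "/proc/$1/limits" ] || { echo "cannot read /proc/$1/limits"; return 2; }
    fd_check "$2" "$3" "$(soft_nofile < "/proc/$1/limits")"
}
```

With the constructed sample, a soft limit of 1024 is reported as too low for 4096 mthreads in one worker thread. The limit that matters is the one the running daemon inherited, which can differ from `ulimit -n` in an interactive shell.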