[Pdns-users] DDOS prevents pdns-recursor from responding regular queries

bert hubert bert.hubert at netherlabs.nl
Wed Feb 5 20:37:44 UTC 2014


On Wed, Feb 05, 2014 at 09:30:40PM +0100, Rygl Aleš wrote:
>  0.049862 62.141.28.21 -> a.b.c.d DNS Standard query A nbpqrfthvwxyz.aa.cp375.com
>  0.049872 62.141.28.21 -> a.b.c.d DNS Standard query A nbpqrfthvwxyz.aa.cp375.com
(...)
> There are random hostnames generated and the domain seemed to be existing at the time of the attack. The recursor was answering "Server 
> Failure". Normally we have about 100 concurrent queries running but when this happened we had about 1000 in peaks about 2000. There is 
> a pcap file of the traffic during the attack available (100kpkts). Due to random hostnames the caches were ineffective.

Hi Rygl,

An important thing to note is that if you increase mthreads to 4096, you
also need to make sure you have sufficent file descriptors or PowerDNS will
indeed start sending out servfails.

Can you check how many you have available?

	Bert




More information about the Pdns-users mailing list