[Pdns-users] Ignoring answer from server socket!

Mario Caruso caruso at tiscali.com
Mon Feb 17 14:35:24 UTC 2014


On Mon, 17 Feb 2014 15:15:49 +0100
bert hubert <bert.hubert at netherlabs.nl> wrote:

> On Mon, Feb 17, 2014 at 03:12:01PM +0100, caruso at tiscali.com wrote:
> > Hello list,
> > I'm trying to investigate the output of my pdns recursor,
> > I'm getting a lot of messages like :
> > 
> > Ignoring answer from x.y.z.k on server socket!
> > 
> > where x.y.z.k are various client ip addresses.

> 
> Which version are you running? How often do you get these messages,
> thousands of times? Which operating system? Are you behind NAT perhaps?

Thanks Bert,
I'd better describe my environment:

4 servers behind a Cisco LB (managed by other people).
I'm running 3.5.3-1 on Debian wheezy amd64; the package was 
downloaded from the pdns download page (so it is not the official 
Debian package).

I have about 60 of these messages every minute, on each server.

> > so it seems like a client is sending an answer where the 
> > pdns_recursor was expecting a query, reading previous 
> > messages I thought that this could be a ddos/amplification
> > pointed at my machines.
> 
> It could be!
> 
> 	Bert

Reading the "Related to recent DoS attacks:" thread, I also checked 
the max file descriptor, but it seems that I'm quite far from the limit:

fgrep 'Max open files' /proc/$(pgrep pdns_recursor)/limits 
Max open files            16384                16384                files     

find  /proc/$(pgrep pdns_recursor)/fd | wc -l
570

M.
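
Added example, not part of the original message or of PowerDNS: one way to answer the "how often" question is to tally the "Ignoring answer from ... on server socket!" lines per minute and per source address. The syslog prefix, the host name rec1 and the addresses (documentation ranges) in the sample are constructed assumptions; only the message text comes from the thread.

```shell
#!/bin/sh
# Constructed sample log; the syslog prefix and addresses are assumptions.
sample_log() {
cat <<'EOF'
Feb 17 14:30:01 rec1 pdns_recursor[2211]: Ignoring answer from 192.0.2.10 on server socket!
Feb 17 14:30:04 rec1 pdns_recursor[2211]: Ignoring answer from 198.51.100.7 on server socket!
Feb 17 14:30:09 rec1 pdns_recursor[2211]: Ignoring answer from 192.0.2.10 on server socket!
Feb 17 14:30:12 rec1 pdns_recursor[2211]: some unrelated log line
Feb 17 14:30:40 rec1 pdns_recursor[2211]: Ignoring answer from 203.0.113.5 on server socket!
Feb 17 14:31:02 rec1 pdns_recursor[2211]: Ignoring answer from 192.0.2.10 on server socket!
Feb 17 14:31:30 rec1 pdns_recursor[2211]: Ignoring answer from 198.51.100.7 on server socket!
EOF
}

# Messages per minute, printed as "<Mon> <DD> <HH:MM> <count>".
# Assumes a classic syslog timestamp in the first three fields.
per_minute() {
    awk '/Ignoring answer from .* on server socket!/ {
             m = $1 " " $2 " " substr($3, 1, 5)
             n[m]++
         }
         END { for (m in n) print m, n[m] }' | sort
}

# Messages per source address, busiest first, printed as "<count> <address>".
# The address is located relative to the message text, not the log prefix.
per_source() {
    awk '{
             i = index($0, "Ignoring answer from ")
             if (i == 0) next                    # skip unrelated lines
             rest = substr($0, i + 21)           # 21 = length of the marker text
             split(rest, p, " ")
             n[p[1]]++
         }
         END { for (a in n) print n[a], a }' | sort -rn
}

# Run both tallies over the constructed sample.
sample_log | per_minute
sample_log | per_source
```

On a live system, feed the recursor's log file to the functions in place of sample_log.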



