[Pdns-users] Ignoring answer from server socket!
caruso at tiscali.com
Mon Feb 17 14:35:24 UTC 2014
Il Mon, 17 Feb 2014 15:15:49 +0100
bert hubert <bert.hubert at netherlabs.nl> ha scritto:
> On Mon, Feb 17, 2014 at 03:12:01PM +0100, caruso at tiscali.com wrote:
> > Hello list,
> > I'm trying to investigate the output of my pdns recursor,
> > I'm getting a lot of messages like :
> > Ignoring answer from x.y.z.k on server socket!
> > where x.y.z.k are various client ip addresses.
> Which version are you running? How often do you get these messages,
> thousands of times? Which operating system? Are you behind NAT perhaps?
I'd better describe my environment :
4 servers behind a cisco LB (managed by other people)
I'm running 3.5.3-1 on debian wheezy amd64, the package was
downloaded from pdns download page (so it is not the official
I have about 60 of this messages every minute , on each server
> > so it seems like a client is sending an answer where the
> > pdns_recursor was expecting a query, reading previous
> > messages I thought that this could be a ddos/amplification
> > pointed at my machines.
> It could be!
reading the "Related to recent DoS attacks:" thread I also checked
the max file descriptor but is seems that I'm quite far from the limit
fgrep 'Max open files' /proc/$(pgrep pdns_recursor)/limits
Max open files 16384 16384 files
find /proc/$(pgrep pdns_recursor)/fd | wc -l
More information about the Pdns-users