[Pdns-users] Mitigating / stopping recent Denial of Service Attacks

Peter van Dijk peter.van.dijk at netherlabs.nl
Wed Jun 4 06:09:01 UTC 2014


On 31 May 2014, at 21:23, okTurtles <hi at okturtles.com> wrote:
> # PDNS 3.5.3 log
> I decided to pair up DNSChain with PowerDNS recursor thinking that maybe, since it has been in development for a long time now, it would more effectively deal with this problem; however, it seems that it's only marginally doing so.

We understand from other communications that you are forwarding all queries to Google DNS. The mitigation in PowerDNS Recursor is based on noticing queries to remote servers are failing. If it was working in this case, it would cut off your whole DNS!

> Notice:
> 	• 0% throttled

Which is good - otherwise you would lose your Google DNS upstream.

> 	• 2% cache hits

Bad, but not weird with all these random queries.

> 	• WTF is "[411B blob data]"? That's only started happening recently after it's been running for a while. It did not show this for the first hour of running.

systemd-journal bug. Presumably Recursor is sending messages with newlines in them.

Question: who is sending you these queries? Are you running an open recursor?

Kind regards,
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
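
A simplified model of the failure-based throttling described in the reply above, as an added example (not part of the original post and not PowerDNS code). The consecutive-failure limit, the server names and the query mix are constructed assumptions, and throttle expiry is left out.

```python
from collections import defaultdict

# Constructed names; none of these come from the original post.
VICTIM_NS, GOOD_NS, FORWARDER = "ns.victim.example", "ns.good.example", "forwarder.example"

def build_queries():
    """20 random-label attack queries with one legitimate query after every fourth."""
    queries = []
    for i in range(20):
        queries.append((f"{i * 2654435761 % 2**32:08x}.victim.example", True))
        if i % 4 == 3:
            queries.append(("www.good.example", False))
    return queries

def run(queries, route, responds, limit=3):
    """Throttle a remote server after `limit` consecutive failed queries to it."""
    fails = defaultdict(int)
    stats = {"sent": 0, "throttled": 0, "legit_blocked": 0}
    for qname, is_attack in queries:
        server = route(qname)
        if fails[server] >= limit:
            stats["throttled"] += 1
            if not is_attack:
                stats["legit_blocked"] += 1
            continue
        stats["sent"] += 1
        fails[server] = 0 if responds(server, is_attack) else fails[server] + 1
    return stats

def to_authoritative(qname):
    return VICTIM_NS if qname.endswith(".victim.example") else GOOD_NS

def to_forwarder(qname):
    return FORWARDER

def scenarios():
    q = build_queries()
    return {
        # Full recursion: only the overloaded victim name servers time out.
        "recursing": run(q, to_authoritative, lambda s, attack: s != VICTIM_NS),
        # Forward-all, upstream always replies: nothing looks failed to throttle.
        "forwarding": run(q, to_forwarder, lambda s, attack: True),
        # Forward-all, if attack lookups did count as forwarder failures.
        "forwarding_if_triggered": run(q, to_forwarder, lambda s, attack: not attack),
    }

if __name__ == "__main__":
    for name, stats in scenarios().items():
        print(f"{name:24} {stats}")
```

With a single forwarder the throttle has only one remote server to act on, so it either never triggers or blocks the legitimate lookups along with the attack traffic.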
