[Pdns-users] Mitigating / stopping recent Denial of Service Attacks
Peter van Dijk
peter.van.dijk at netherlabs.nl
Wed Jun 4 06:09:01 UTC 2014
On 31 May 2014, at 21:23 , okTurtles <hi at okturtles.com> wrote:
> # PDNS 3.5.3 log
> I decided to pair up DNSChain with PowerDNS recursor thinking that maybe, since it has been in development for a long time now, it would more effectively deal with this problem; however, it seems that it's only marginally doing so.
We understand from other communications that you are forwarding all queries to Google DNS. The mitigation in PowerDNS Recursor is based on noticing queries to remote servers are failing. If it was working in this case, it would cut off your whole DNS!
> • 0% throttled
Which is good - otherwise you would lose your Google DNS upstream.
> • 2% cache hits
Bad, but not weird with all these random queries.
> • WTF is "[411B blob data]"? That's only started happening recently after it's been running for a while. It did not show this for the first hour of running.
systemd-journal bug. Presumably Recursor is sending messages with newlines in them.
Question: who is sending you these queries? Are you running an open recursor?
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
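
Added example, not part of the original message and not PowerDNS code: a simplified model of throttling keyed on the remote server address, showing why it helps a resolver that recurses directly but either does nothing or cuts off all DNS when every query goes to one forwarder. The failure threshold, the addresses, the query names and the three upstream behaviours are constructed assumptions.

```python
from collections import Counter, defaultdict

FAIL_LIMIT = 3  # assumed: consecutive failures before a remote is throttled (no expiry modelled)

def simulate(queries, route, remote_answers):
    """Return Counter of (zone, outcome); outcome is answered, failed or throttled.

    route(qname) -> address the resolver sends the query to
    remote_answers(addr, qname) -> True if that remote replied at all
    """
    fails = defaultdict(int)            # consecutive failures per remote address
    outcomes = Counter()
    for qname in queries:
        zone = qname.split(".", 1)[1]
        addr = route(qname)
        if fails[addr] >= FAIL_LIMIT:   # remote is throttled: query is not sent
            outcomes[zone, "throttled"] += 1
        elif remote_answers(addr, qname):
            fails[addr] = 0
            outcomes[zone, "answered"] += 1
        else:
            fails[addr] += 1
            outcomes[zone, "failed"] += 1
    return outcomes

# Constructed traffic: bursts of 5 random names under one zone, then 1 ordinary query.
QUERIES = [n for r in range(4)
           for n in [f"r{r}{i}.victim.example" for i in range(5)] + ["www.good.example"]]

AUTH = {"victim.example": "192.0.2.53", "good.example": "198.51.100.53"}
FORWARDER = "203.0.113.8"  # constructed stand-in for the single upstream resolver

def direct_route(qname):       # resolver talks to each zone's own servers
    return AUTH[qname.split(".", 1)[1]]

def forward_route(qname):      # resolver forwards everything to one upstream
    return FORWARDER

def victim_auth_down(addr, qname):      # overloaded authoritative server never replies
    return addr != AUTH["victim.example"]

def always_replies(addr, qname):        # forwarder always sends some response
    return True

def fails_on_random_names(addr, qname): # hypothetical: forwarder times out on the random names
    return not qname.endswith("victim.example")

if __name__ == "__main__":
    for label, route, behaviour in [("direct", direct_route, victim_auth_down),
                                    ("forward, upstream replies", forward_route, always_replies),
                                    ("forward, upstream fails", forward_route, fails_on_random_names)]:
        print(label, dict(simulate(QUERIES, route, behaviour)))
```

In the second case nothing is ever throttled, which matches the "0% throttled" figure in the quoted log; in the third case the ordinary queries are throttled along with the random ones.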