[Pdns-users] pdns server fails every morning when it starts getting used.
sthaug at nethelp.no
Thu Jan 8 09:40:57 UTC 2015
> > I've got a pdns server at one site that is causing me massive headaches.
> > Every morning when the staff come in and start using it (and we're not talking
> > large numbers) it fails to serve external dns and has to be restarted
> > (usually) or rebooted.
>
> Which version of PowerDNS do you run?
>
> The recursor you specify is in fact an open recursor. This means it is
> likely participating on DNS reflection attacks, and might therefore be slow
> at times. From here (in Europe at least) it is very slow, so the timeout
> may actually be real.
Recursors that are being used for attacks often have problems - this
is well known. We have been monitoring our PowerDNS recursors for
quite a while with a very simple script which logs, via crontab every
minute, the number of open sockets for the recursor:
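
#! /bin/sh
# Find approximate queue length for pdns_recursor, based on number of open sockets.
# fstat(1) is the BSD utility that lists a process's open files; its output
# includes a header line, so the count is approximate.
d=$(date +'%Y%m%d %H:%M')
printf '%s ' "$d"
fstat -p "$(cat /var/run/pdns_recursor.pid)" | wc -l
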
During <random>.domain attacks we often see the number of open sockets
increase dramatically - and this correlates well with slow(er) replies
to clients. Monitoring this, and lately also via the PowerDNS "Graphing
as a service" offer,
http://blog.powerdns.com/2014/12/11/powerdns-graphing-as-a-service/
has significantly improved our ability to handle these attacks.
Steinar Haug, AS 2116
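
Added example, not part of the original post: one way to turn the per-minute log written by the script above into an alert, by flagging minutes where the open-socket count rises well above a rolling baseline. The function names, the window of 5 samples, the factor of 3 and the sample log lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Input format is the one the cron script writes: "YYYYMMDD HH:MM count".

flag_spikes() {
    # $1 = baseline window in samples, $2 = multiplier over the baseline mean
    awk -v window="$1" -v factor="$2" '
    NF == 3 && $3 ~ /^[0-9]+$/ {          # skip malformed or truncated lines
        count = $3 + 0
        if (n >= window) {                # only judge once the baseline is full
            mean = sum / n
            if (count > factor * mean) {
                printf "%s %s sockets=%d baseline=%.0f\n", $1, $2, count, mean
                next                      # keep spike samples out of the baseline
            }
        }
        # ring buffer holding the last <window> normal samples
        if (n == window) { sum -= buf[head] } else { n++ }
        buf[head] = count
        sum += count
        head = (head + 1) % window
    }'
}

# Constructed sample log: five quiet minutes, a two-minute spike, then recovery.
sample_log() {
    cat <<'EOF'
20150108 08:55 212
20150108 08:56 208
20150108 08:57 215
20150108 08:58 210
20150108 08:59 205
20150108 09:00 1840
20150108 09:01 2210
20150108 09:02 230
EOF
}

sample_log | flag_spikes 5 3
```

Because flagged samples are excluded from the baseline, a sustained attack keeps being reported against the pre-attack level instead of gradually becoming the new normal.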