Luckily my machines have enough horsepower not to shut down from this but I have on occasion seen the CPU load start going up due to it. On lowered powered machines this would likely cause what you're seeing.
If you're running a firewall (external device or iptables on Linux) the best way to deal with this is to determine the IP or IP range that is hammering you and simply blacklist it (drop its packets). If you're not running a firewall you can blacklist the IPs in named.conf. In options insert a line like: blackhole { blackhats; }; Then create an acl called blackhats with the IPs or range you want to drop: acl "blackhats" { x.x.x.x; x.x.x/22; }; In the above first x.x.x.x would be a single IP and the x.x.x/22 would be an entire 22 CIDR for a given network. -----Original Message----- From: bind-users-bounces+jlightner=water....@lists.isc.org [mailto:bind-users-bounces+jlightner=water....@lists.isc.org] On Behalf Of Dylan Martin Sent: Friday, January 15, 2010 11:41 PM To: bind-users@lists.isc.org Subject: Server overwhelmed by rejections? I recently had an odd occurrence with my DNS servers. I have two servers that act as caching resolvers for a community college and authoritative for the college's domain. A few days ago they both stopped working for about 15 minutes. The only clue I've been able to find is my logs contain an unusual number of rejected querys right before the outage. By unusual, I mean around 300 in 2 seconds when a busy one-second span might contani 25 entries normally. These requests were rejected because they originated from an IP address for which recursive queries are forbidden. Has anyone heard of excessive rejections causing an outage? Is there anything I can do to prevent this kind of thing from happening again? I'm pretty sure this was just a fluke, but I worry what would happen if a disgruntled student wanted to launch a DOS. Thanks! -Dylan _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users Proud partner. Susan G. Komen for the Cure. Please consider our environment before printing this e-mail or attachments. ---------------------------------- CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you. ---------------------------------- _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users