Hi Dmitry, If your problem is a lot of strange queries, then there is two ways:
1. You operate an open resolver. If you can - restrict it to a limited scope of clients, otherwise the only way you can lower number of incoming queries is DPI; 2. You operate a non-open resolver. Then you can find who sending these queries and ask them to stop. 2014-02-27 9:59 GMT+04:00 Dmitry Rybin <kirg...@corbina.net>: > Over 2 weeks ago begins flood. A lot of queries: > > niqcs.www.84822258.com > vbhea.www.84822258.com > abpqeftuijklm.www.84822258.com > adcbefmzidmx.www.84822258.com > and many others. > > Bind answers with "Server failure". On high load (4 qps) all normal client > can get Servfail on good query. Or query can execute more 2-3 second. > > Recursion clients via "rnds status" 300-500. > > I can try to use rate limit: > rate-limit { > nxdomains-per-second 10; > errors-per-second 10; > nodata-per-second 10; > }; > I do not see an any improvement. > > Found one exit in this situation, add flood zones local. > > What can we do in this situation? > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- Is there any problem Exterminatus cannot solve? I have not found one yet.
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users