Il Mon, 17 Feb 2014 15:15:49 +0100 bert hubert <[email protected]> ha scritto:
> On Mon, Feb 17, 2014 at 03:12:01PM +0100, [email protected] wrote: > > Hello list, > > I'm trying to investigate the output of my pdns recursor, > > I'm getting a lot of messages like : > > > > Ignoring answer from x.y.z.k on server socket! > > > > where x.y.z.k are various client ip addresses. > > Which version are you running? How often do you get these messages, > thousands of times? Which operating system? Are you behind NAT perhaps? Thanks Bert, I'd better describe my environment : 4 servers behind a cisco LB (managed by other people) I'm running 3.5.3-1 on debian wheezy amd64, the package was downloaded from pdns download page (so it is not the official debian package). I have about 60 of this messages every minute , on each server > > so it seems like a client is sending an answer where the > > pdns_recursor was expecting a query, reading previous > > messages I thought that this could be a ddos/amplification > > pointed at my machines. > > It could be! > > Bert reading the "Related to recent DoS attacks:" thread I also checked the max file descriptor but is seems that I'm quite far from the limit fgrep 'Max open files' /proc/$(pgrep pdns_recursor)/limits Max open files 16384 16384 files find /proc/$(pgrep pdns_recursor)/fd | wc -l 570 M. _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
