Hello, We have received a DDoS attack on our powerdns infrastructure. The DNS requests were all non-existing records in 1 single zone.
Eg: ghz2.mydomain.com cdzx.mydomain.ocom hh3r.mydomain.com The result was that the SQL backend was overloaded with these queries and caused some of our servers not to respond to legitimate queries. See here an example from the SQL log: 2021-07-13T14:50:43.459635Z 3061 Reset stmt 2021-07-13T14:50:43.463172Z 3059 Execute SELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and name='gzh1.mydomain.com' and domain_id=1280 2021-07-13T14:50:43.463989Z 3059 Reset stmt 2021-07-13T14:50:43.468001Z 3060 Execute SELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and name='cdzx.mydomain.com' and domain_id=1280 2021-07-13T14:50:43.468822Z 3060 Reset stmt 2021-07-13T14:50:43.471102Z 3061 Execute SELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and name='cvqi.mydomain.com' and domain_id=1280 2021-07-13T14:50:43.472178Z 3061 Reset stmt 2021-07-13T14:50:43.474985Z 3059 Execute SELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and name='hh3r.mydomain.com' and domain_id=1280 2021-07-13T14:50:43.475371Z 3059 Reset stmt 2021-07-13T14:50:43.478971Z 3060 Execute SELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and name='9jv9.mydomain.com' and domain_id=1280 2021-07-13T14:50:43.479399Z 3060 Reset stmt 2021-07-13T14:50:43.483063Z 3061 Execute SELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and name='boxl.mydomain.com' and domain_id=1280 2021-07-13T14:50:43.483457Z 3061 Reset stmt The new zone cache feature is only caching the "domains" table, it's not caching the each record in the backend. Is there any way how we can ensure that powerdns is caching a complete zone in case we are encountering a random generated dns attack on our authorative DNS servers? Thank you, David
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users