Re: [Pdns-users] ANY+Reflection Attacks?

2015-02-25 Thread Ciro Iriarte
On Feb 25, 2015 5:25 AM, Michael Ströder mich...@stroeder.com wrote:

 Ciro Iriarte wrote:
  2015-02-24 17:49 GMT-03:00 Ciro Iriarte cyru...@gmail.com:
 
  Hi!, I'm seeing a lot of messages of type Timeout from remote TCP client
  10.XXX.XXX.XXX, it seems to be an attack given we have any-to-tcp = yes.
 
  Is this usual?, is there any way to identify the attackers?. The service is
  working fine and we have in our roadmap constant packet capture for data
  mining but I find this behaviour new/interesting today :)
 
  Any comments?
 
  Regards,
 
  Well, never mind. After all, those are legitimate clients and there seems
  to be a firewall with connection tracking issues. What's unexpected to me
  is having TCP requests, I was expecting only UDP traffic from end users.

 DNSSEC used?

 Ciao, Michael.

As far as I remember, pdns-recursor doesn't support DNSSEC.

Regards,
Ciro
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users
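
One way to answer the "who is behind these timeouts" question from the recursor's own log, as an added example that is not part of the original posts. Only the message text "Timeout from remote TCP client" is taken from the thread; the syslog prefix, the optional `:port` suffix and all addresses are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: only the text "Timeout from remote TCP client <address>"
# comes from the post; the syslog prefix, host name and addresses are assumptions.
SAMPLE_LOG = """\
Feb 24 17:40:01 dns1 pdns_recursor[2112]: Timeout from remote TCP client 10.0.0.5
Feb 24 17:40:07 dns1 pdns_recursor[2112]: Timeout from remote TCP client 10.0.0.5:40112
Feb 24 17:40:30 dns1 pdns_recursor[2112]: Timeout from remote TCP client 10.0.0.9:51000
Feb 24 17:41:02 dns1 pdns_recursor[2112]: Timeout from remote TCP client 10.0.0.5
Feb 24 17:41:10 dns1 pdns_recursor[2112]: unrelated message
Feb 24 17:42:15 dns1 pdns_recursor[2112]: Timeout from remote TCP client [2001:db8::1]:53000
"""

TIMEOUT_RE = re.compile(
    r"^(?P<minute>\w{3}\s+\d+\s+\d{2}:\d{2}):\d{2}\s.*"
    r"Timeout from remote TCP client (?P<addr>[0-9A-Fa-f:.\[\]]+)"
)

def strip_port(addr):
    """Return the bare address from 'v4', 'v4:port', 'v6' or '[v6]:port'."""
    if addr.startswith("[") and "]" in addr:
        return addr[1:addr.index("]")]
    if addr.count(":") == 1:          # IPv4 with a port; bare IPv6 has several colons
        return addr.split(":")[0]
    return addr

def summarize(lines):
    """Per client: total timeouts, minutes in which it appears, and busiest minute."""
    per_minute = defaultdict(Counter)
    for line in lines:
        m = TIMEOUT_RE.search(line)
        if m:
            per_minute[strip_port(m.group("addr"))][m.group("minute")] += 1
    return {
        client: {
            "total": sum(minutes.values()),
            "active_minutes": len(minutes),
            "peak_per_minute": max(minutes.values()),
        }
        for client, minutes in per_minute.items()
    }

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    for client, stats in sorted(report.items(), key=lambda kv: -kv[1]["total"]):
        print(client, stats)
```

A handful of known clients recurring at a low, steady rate is consistent with the middlebox problem the poster ended up finding; many distinct sources peaking in the same minute is the pattern worth a closer look.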


[Pdns-users] Optimize Powerdns and Mysql for DB with 500K entries

2015-02-25 Thread Jonathan Hunter
Hi Guys,
I appreciate there are optimization tips on the website, however I wondered if
there are any specific tips for optimization when dealing with a records table
or associated view of 500K rows in a MySQL backend database on a Virtual CentOS
Machine with 2 x 3GHz processors, 1GB RAM and 20GB Memory.
I am seeing some slow responses in terms of using dig to perform NAPTR record 
lookups.
Any help would be great.
Many thanks
Jon


Re: [Pdns-users] Reply-To Change?

2015-02-25 Thread Marc Haber
On Mon, Feb 23, 2015 at 12:48:49PM -0600, Nicholas Williams wrote:
 PowerDNS's users list (and possibly the other lists—I'm not on those) is
 the only list I use (and I'm on a LOT of dev/user mailing lists) where
 hitting reply replies to the person who sent the email. Every other list
 I'm on, messages are modified by the list software to include a Reply-To
 header containing the list's address so that hitting reply _only_ puts the
 list's address in the recipient field and hitting Reply All isn't
 necessary.

http://www.unicom.com/pw/reply-to-harmful.html

Most of the mailing lists I am on don't munge Reply-To. I'd say, the
vast majority, this being the opposite of your experience. I must be
on a different intraweb then.

That being said, kindly use your mail reader's list reply function.
Decent software has such a function.

Greetings
Marc

-- 
-
Marc Haber | I don't trust Computers. They | Mailadresse im Header
Leimen, Germany|  lose things.Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600420



Re: [Pdns-users] Optimize Powerdns and Mysql for DB with 500K entries

2015-02-25 Thread Chris

Hi,

I have 3 PowerDNS instances running with the MySQL backend across 4 DNS 
servers. The largest has 1,883,763 domains with 9,736,133 records (With 
all instances combined there is a total of 21M rows in the records table).


The only things I have done for performance are:

- All tables are InnoDB
- All DNS servers have 16GB or more of memory, InnoDB buffer pool size 
is at least 10GB on each
- MySQL 5.6 (actually running Percona, upgrading from 5.5 to 5.6 gave me 
a slight performance increase)

- InnoDB file format is barracuda, tables are compressed with 4KB page size

With table compression my largest instance uses a total of 750MB on disk.

The minimum specs for my DNS servers are:

- 2 x E5-2620 CPU (6 cores + hyperthreading each)
- 16GB of RAM
- 2 x 15K SAS in RAID 1

With the 3 PowerDNS instances + unbound instance for caching name 
server the load average on the servers is less than 1, there is no IO 
wait. Each DNS server is handling an average of 6,714 queries per second 
across the 3 PowerDNS instances and Unbound.


Using dnsscope for my biggest instance I can see that I get these stats:

0.01% of questions answered within 50 usec (0.01%)
51.67% of questions answered within 100 usec (51.67%)
60.11% of questions answered within 200 usec (8.44%)
60.40% of questions answered within 300 usec (0.29%)
60.70% of questions answered within 400 usec (0.30%)
63.85% of questions answered within 800 usec (3.14%)
67.78% of questions answered within 1000 usec (3.93%)
97.93% of questions answered within 2.00 msec (30.15%)
99.71% of questions answered within 4.00 msec (1.78%)
99.97% of questions answered within 8.00 msec (0.26%)
100.00% of questions answered within 32.00 msec (0.03%)
100.00% of questions answered within 64.00 msec (0.00%)
0 responses (0.00%) older than 2 seconds
Average non-late response time: 569.60 usec

What kind of statistics are you seeing? Do you get large amounts of I/O 
wait on the server? Is your mysql innodb buffer pool size large enough 
to hold the entire table in RAM?


Chris

On 26/02/2015 2:40 AM, Jonathan Hunter wrote:

Hi Guys,

I appreciate there are optimization tips on the website, however I 
wondered if there are any specific tips for optimization when dealing 
with a records table or associated view of 500K rows in a MySQL 
backend database on a Virtual CentOS Machine with 2 x 3GHz processors, 
1GB RAM and 20GB Memory.


I am seeing some slow responses in terms of using dig to perform NAPTR 
record lookups.


Any help would be great.

Many thanks

Jon




[Pdns-users] Proper response to PING on pipe backend.

2015-02-25 Thread xxsyys
Hi,

I am implementing a pipe backend for pdns.

What is the proper response to the PING command? The documentation at
https://doc.powerdns.com/md/authoritative/backend-pipe/#pipebackend-protocol
does not say. 

I would assume it is PONG but the list of acceptable answer tags does not
contain PONG, leading me to believe it would be either just 
END
or
DATA\tPONG
END

In advance, thanks.

best regards,

-geir





Re: [Pdns-users] ANY+Reflection Attacks?

2015-02-25 Thread Michael Ströder
Ciro Iriarte wrote:
 2015-02-24 17:49 GMT-03:00 Ciro Iriarte cyru...@gmail.com:
 
 Hi!, I'm seeing a lot of messages of type Timeout from remote TCP client
 10.XXX.XXX.XXX, it seems to be an attack given we have any-to-tcp = yes.

 Is this usual?, is there any way to identify the attackers?. The service is
 working fine and we have in our roadmap constant packet capture for data
 mining but I find this behaviour new/interesting today :)

 Any comments?

 Regards,
 
 Well, never mind. After all, those are legitimate clients and there seems
 to be a firewall with connection tracking issues. What's unexpected to me
 is having TCP requests, I was expecting only UDP traffic from end users.

DNSSEC used?

Ciao, Michael.


