
List:       bugtraq
Subject:    Re: DNS PTR surveying
From:       antirez <antirez () linuxcare ! com>
Date:       1997-01-22 14:01:51


On Sun, Oct 01, 2000 at 08:28:33AM -0000, D. J. Bernstein wrote:
> A big, fast survey will kill a BIND cache, because BIND dies when it
> runs out of memory. BIND 9 won't die, but it will stop caching new data,

You should be able to kill bind and other dns cache software even
faster using, for example, an IN A query for a name that does not exist for sure,
better still using RANDOM.some.domain.net with the some.domain.net DNS slow or down.

> so performance goes down the toilet. Unless you're trying to take down
> somebody's DNS service, you should use the dnscache program included in
> the djbdns package; dnscache smoothly discards old data.

I'm developing a DNS cache for embedded systems; I used the same behaviour
(i.e. if the forwarded-requests-queue is full, discard the oldest and insert
the new request, the same for the cache queue), but this seems to enough
(Who is able to stop DoS?).
Assigning a very low cache TTL to 'negative' responses may help; anyway,
it's quite hard to weigh the queue size of the forwarded requests against
the expiration time to avoid problems. Another variable is the amount
of data to discard when we run out of memory. The simple drop-one & insert-one
algorithm may not be optimal.

Attached is a trivial program that performs IN A RANDOM.some.domain requests.

antirez

--
Salvatore Sanfilippo, Open Source Developer, Linuxcare Italia spa
+39.049.80 43 411 tel, +39.049.80 43 412 fax
antirez@linuxcare.com, http://www.linuxcare.com/
Linuxcare. Support for the revolution.

["query-flood.c.gz" (application/x-gunzip)]
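The post describes two knobs for keeping a resolver cache alive under a stream of lookups for names that do not exist: a bounded cache that discards its oldest entry to insert a new one, and a very low TTL on negative answers. The following model, added here as an example and not code from the original message, from antirez's embedded cache or from djbdns, lets an operator measure what those knobs do: how many legitimate entries a burst of NXDOMAIN answers pushes out, and how quickly the negative TTL lets the cache recover. The class names, the `some.domain.net` / `www.example.net` names, the addresses and the sizes are all constructed for the simulation; the clock is driven by hand so the numbers are deterministic.

```python
"""Bounded DNS cache model: drop-oldest eviction plus a short negative TTL.

Added example (assumption: a simplified cache, not the behaviour of any real
resolver).  An answer of None stands for an NXDOMAIN (negative) response.
"""
from collections import OrderedDict

NEGATIVE = None


class FakeClock:
    """Manually advanced clock so the simulation is deterministic."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class BoundedDnsCache:
    def __init__(self, max_entries, negative_ttl, clock):
        self.max_entries = max_entries
        self.negative_ttl = negative_ttl
        self.clock = clock
        self._entries = OrderedDict()   # name -> (expires_at, answer), oldest first
        self.evictions = 0              # entries dropped for space, not by expiry

    def __len__(self):
        return len(self._entries)

    def lookup(self, name):
        """Return (hit, answer); an expired entry is removed on access."""
        entry = self._entries.get(name)
        if entry is None:
            return False, None
        expires_at, answer = entry
        if expires_at <= self.clock():
            del self._entries[name]
            return False, None
        return True, answer

    def store(self, name, answer, ttl):
        """Insert a response; negative answers are capped at negative_ttl."""
        if answer is NEGATIVE:
            ttl = min(ttl, self.negative_ttl)
        if name in self._entries:
            del self._entries[name]                  # re-insert as newest
        elif len(self._entries) >= self.max_entries:
            self._entries.popitem(last=False)        # drop the oldest entry
            self.evictions += 1
        self._entries[name] = (self.clock() + ttl, answer)

    def purge_expired(self):
        """Remove every expired entry and return how many were removed."""
        now = self.clock()
        dead = [n for n, (exp, _) in self._entries.items() if exp <= now]
        for n in dead:
            del self._entries[n]
        return len(dead)


def burst_of_missing_names(cache, count, upstream_ttl=3600):
    """Model a burst of lookups for names that do not exist under a zone.
    Each comes back NXDOMAIN and is stored as a negative entry.  The names
    (r000000.some.domain.net, ...) are constructed, not real hosts."""
    for i in range(count):
        cache.store(f"r{i:06d}.some.domain.net", NEGATIVE, upstream_ttl)


def run_scenario(max_entries=1000, negative_ttl=5, burst=5000):
    """One legitimate long-lived entry, then a burst of negative answers.
    Returns measurements of eviction pressure and recovery after the TTL."""
    clock = FakeClock()
    cache = BoundedDnsCache(max_entries, negative_ttl, clock)
    cache.store("www.example.net", "192.0.2.10", 3600)   # constructed address
    clock.advance(1)
    burst_of_missing_names(cache, burst)
    size_after_burst = len(cache)
    legit_hit, _ = cache.lookup("www.example.net")
    clock.advance(negative_ttl + 1)                     # let negatives expire
    purged = cache.purge_expired()
    return {
        "size_after_burst": size_after_burst,
        "evictions": cache.evictions,
        "legit_survived": legit_hit,
        "purged_after_ttl": purged,
        "size_after_purge": len(cache),
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

With the defaults the cache never grows past 1000 entries, but the single legitimate record is the first thing evicted, which is exactly the trade-off the post points at: memory stays bounded while useful data is lost. Shrinking the burst below the free space (or raising `max_entries`) keeps the legitimate entry, and the short negative TTL means every entry the burst left behind is gone one purge after the TTL passes. Pairing the `evictions` counter with a threshold is a cheap way to alert on this kind of pressure in a real cache.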
