nanog mailing list archives
RE: DNS DOS increasing?
From: "Karyn Ulriksen" <valkaryn () valkaryn net>
Date: Mon, 21 Jan 2002 08:40:05 -0800
RE: DNS DOS increasing?I've seen this behavior before, also. I thought it was interesting that two servers side by side recieving the same attacks/ratios only serving DNS (BIND 8.2.x*) and acted in this manner: Redhat 6.2 w/dual proc 833 512/ram started "loosing" RR records Solaris 7 on a Sparc 10 (hehe) w/256 rebooted and served the correct records I'm curious to see how other OSes react to these attacks. My guess is that BSD systems (such as FreeBSD and BSDi) will react similarly to the Solaris based on my past experience with these systems. So I am curious too see if the RR record "loss" is an OS specific behaviour, especially since Redhat has priors in misplacing information in earlier versions of the OS. * I say BIND 8.2.x, because this continued to occur through the various BIND 8.2 releases. Best regards, Karyn Ulriksen Valkaryn Internet Group URL: http://www.valkaryn.net email: valkaryn () valkaryn net =========================================== "Decisions should be made in the space of seven breaths." -----Original Message----- From: Karyn Ulriksen [mailto:valkaryn () valkaryn net] Sent: Monday, January 21, 2002 8:39 AM To: James Smith Subject: RE: DNS DOS increasing? I've seen this behavior before, also. I thought it was interesting that two servers side by side recieving the same attacks/ratios only serving DNS (BIND 8.2.x*) and acted in this manner: Redhat 6.2 w/dual proc 833 512/ram started "loosing" RR records Solaris 7 on a Sparc 10 (hehe) w/256 rebooted and served the correct records I'm curious to see how other OSes react to these attacks. My guess is that BSD systems (such as FreeBSD and BSDi) will react similarly to the Solaris based on my past experience with these systems. So I am curious too see if the RR record "loss" is an OS specific behaviour, especially since Redhat has priors in misplacing information in earlier versions of the OS. * I say BIND 8.2.x, because this continued to occur through the various BIND 8.2 releases. Best regards, Karyn Ulriksen Valkaryn Internet Group URL: http://www.valkaryn.net email: valkaryn () valkaryn net =========================================== "Decisions should be made in the space of seven breaths." -----Original Message----- From: owner-nanog () merit edu [mailto:owner-nanog () merit edu]On Behalf Of James Smith Sent: Monday, January 21, 2002 7:08 AM To: nanog () merit edu Subject: RE: DNS DOS increasing? I've seen DOS-type behavior where a client will query a resolver for a name that doesn't exist, and the client does not accept the answer that the name does not exist and immediately sends another query, regardless of whether or not the resolver declared itself authoritative for the negative answer. -- /ak Get ready for more DOS-like behavior as systems get deployed that have 10 second TTLs in the DNS. These systems are used to provide multi-isp redundancy by pinging each upstreams router, and when a ping fails, start giving out a dns response using the other ISP IP range. Same FQDN, new IP. This of course is driven by the desire for redundancy in small businesses who make the Internet an integral part of their business plan. Either they can't get PI space and don't have (or don't want to spend) the $$$ to do BGP, or are unable to convince their upstream to cut a hole in their CIDR block and allow a 2nd party to announce that chunk (which for some is as small as /28). James H. Smith II NNCDS NNCSE Systems Engineer The Presidio Corporation
Current thread:
- DNS DOS increasing? Matt Martini (Jan 19)
- Re: DNS DOS increasing? Avleen Vig (Jan 20)
- Re: DNS DOS increasing? Alex Kamantauskas (Jan 21)
- <Possible follow-ups>
- RE: DNS DOS increasing? James Smith (Jan 21)
- RE: DNS DOS increasing? E.B. Dreger (Jan 21)
- Re: DNS DOS increasing? Joel Baker (Jan 21)
- Re: DNS DOS increasing? E.B. Dreger (Jan 21)
- RE: DNS DOS increasing? E.B. Dreger (Jan 21)
- Re: DNS DOS increasing? Avleen Vig (Jan 20)
- RE: DNS DOS increasing? Karyn Ulriksen (Jan 21)
- Re: DNS DOS increasing? Rob Evans (Jan 21)
- RE: DNS DOS increasing? James Smith (Jan 21)
- Re: DNS DOS increasing? Stephen Griffin (Jan 21)
- Re: DNS DOS increasing? E.B. Dreger (Jan 21)
- Re: DNS DOS increasing? Stephen Griffin (Jan 21)
- Re: DNS DOS increasing? Miquel van Smoorenburg (Jan 21)
- Re: DNS DOS increasing? just me (Jan 21)
- Re: DNS DOS increasing? E.B. Dreger (Jan 21)
- Re: DNS DOS increasing? just me (Jan 21)
- RE: DNS DOS increasing? Curtis Maurand (Jan 21)
- RE: DNS DOS increasing? Curtis Maurand (Jan 21)
- RE: DNS DOS increasing? James Smith (Jan 22)