North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Malicious DNS request?
At 8:45 AM +0800 2005-05-18, Joe Shen wrote:
Do a DNS query for slartibartfastisacharacterinamoviewrittenbydouglasadamsthathasnotgottenverygoodreviewslatelyandisbasedontheoriginalBBCradioshowandtheresultingBBCtvminiseries.com, and you'll probably get an NXDOMAIN. Indeed, query for any other non-existent domain, and you'll get an NXDOMAIN response. That's what it means.I'm sorry if this is JUST to BIND or some other specific software. But, IMHO this is just a sample that requests which only generate NXDOMAIN responds.
According to someone's presentation on NANOG ("DNS anomailies and their impact on DNS Cache Server" ), such record may be type of attack.
NXDOMAIN == Attack? Please show me how you arrive at that logic.
Well, only caching servers have to worry about getting an NXDOMAIN response back. Authoritative-only servers may have to worry about sending them out, but that's pretty cheap. Indeed, it's pretty cheap for the caching servers to handle getting them.If we only rely on cacheing to remove paient of CPU time, cache server load will be increased. So, what I'm tryting to ask is , is there some mechanism proposed to deal with such problem? BIND is just a sample.
Yes, bad clients can abuse either caching servers or authoritative-only servers by doing things that result in a lot of NXDOMAIN responses, but that falls in the category of the programmers doing whatever is possible to protect themselves and their code against whatever kind of abuse gets hurled at them by poorly-behaved clients.
As far as that goes, that's a generic problem, and in the case of nameservers there are appropriate places to discuss this sort of thing -- such as the namedroppers mailing list.
Now, if you want to drag BIND into this picture as a specific example, there are appropriate places to discuss that, too -- such as the bind-users mailing list, or maybe one of the developer-oriented BIND mailing lists.
But none of these places are NANOG, and this discussion doesn't belong here -- either in the general case of nameservers, or in the specific case of BIND.
Brad Knowles, <firstname.lastname@example.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.