North American Network Operators Group
Title: RE: DNS DOS increasing?

-----Original Message-----
> That's not the problem. It's ill-behaved clients that ignore TTL
Methinks I have been misunderstood or I have obfuscated my own point... The DNS server is set to give a 10 second TTL to the DNS client. The entry ages out in 10 seconds, so the client (following expected practice) ages the entry out. 15 seconds later, when they click on the next button on the web page (for example), they have to go get the IP again. This is the DOS (DDOS?) like behavior. Sure the DNS client is hammering the DNS server, but the server is telling it to by giving out an absurdly short TTL... The server is ASKING FOR IT by setting its TTL to 10 seconds. The client can't help it, it is just doing what it has been told.

Why It Does It This Way

Since the box is authoritative for the zone, and has interfaces in more than one subnet or provider, the failure of one link means that the normal DNS mechanism of going to the next responsive DNS server points users to the remaining good link, and the box obliges by serving out responses that point the client back down the good link.

James H. Smith II NNCDS NNCSE
I speak for myself, and that gets me into enough trouble.
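The trade-off the post describes, as an added example that is not part of the original message: a TTL-honouring client cache modelled in Python, counting how often a compliant client must go back to the authoritative server for a given TTL, beside the failover delay that a short TTL buys. The click timings, the TTL values and the name `www.example` are constructed for the illustration.

```python
"""Model of a well-behaved DNS client cache against a server-chosen TTL.

Added example for this archive page, not code from the original post.
The browsing pattern (one click every 15 s) follows the post's own
numbers; everything else here is constructed."""


class TtlCache:
    """A compliant client cache: an answer is reused only until the TTL
    the server gave has elapsed, then the next lookup goes upstream."""

    def __init__(self):
        self.upstream_queries = 0
        self._expiry = {}  # name -> absolute time the cached answer dies

    def lookup(self, name, now, ttl):
        """Return True when the lookup had to query the server (cache miss)."""
        if self._expiry.get(name, -1.0) > now:
            return False  # still fresh: answered from cache, no load on server
        # Aged out (or never seen): query the server and honour its TTL.
        self.upstream_queries += 1
        self._expiry[name] = now + ttl
        return True


def upstream_queries_for(click_times, ttl):
    """Count server queries a compliant client makes for one name, given the
    instants at which the user triggers a lookup (page clicks)."""
    cache = TtlCache()
    for t in click_times:
        cache.lookup("www.example", t, ttl)
    return cache.upstream_queries


def worst_case_failover_delay(ttl):
    """When failover relies only on the TTL, a client that cached an answer
    just before a link died keeps using the dead address for up to one TTL
    before it re-queries and is steered to the surviving link."""
    return ttl


# Constructed pattern from the post: a click every 15 s, 40 clicks (10 min).
CLICKS = [15.0 * i for i in range(40)]

if __name__ == "__main__":
    for ttl in (10.0, 300.0, 3600.0):
        print(f"TTL {ttl:>6.0f}s: {upstream_queries_for(CLICKS, ttl):>3} server "
              f"queries, up to {worst_case_failover_delay(ttl):.0f}s on a dead link")
```

With the 10 s TTL every click misses the cache, so the server sees one query per click, exactly the behaviour the post describes; raising the TTL cuts the query count but lengthens the window in which clients keep following the failed link.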