DOS of named
Toomas Aas
toomas.aas at raad.tartu.ee
Fri Dec 19 09:35:35 PST 2003
Hi!
> what measures can I take against these irregularly appearing Denial-Of-Service
> attacks of named, which are filling my logfiles (messages, daemon, all.log)
> with messages like "sysquery: no addrs found for root NS" for minutes
> at a rate of 4000 lines/sec?
Here's what I have done on my FreeBSD 4.8 machines.
Put the following in /etc/namedb/named.conf:
-----------------------< cut >-----------------------
logging {
        channel everything {
                file "/var/log/named" versions 5 size 4m;
                severity info;
                print-category no;
                print-severity yes;
                print-time yes;
        };
        category default {
                everything;
        };
};
-----------------------< cut >-----------------------
This, as you understand, configures named to log its messages to file
/var/log/named (bypassing syslogd), doesn't allow the log file to grow
larger than 4 MB and keeps 5 previous versions of the file.
The errors still happen, but at least your /var partition won't fill
up.
> Thus, nothing to solve the problem or to find the true cause.
I've gone through the same path you have, with similar results. It is
interesting to mention that I have three servers (now
4.8-RELEASE-p13) running named (from base system) on FreeBSD, two of
them using ISP A and one using ISP B (respective ISP's name servers
configured as forwarders in named.conf). The problem happens with both
servers behind ISP A, but has never happened to the one behind ISP B.
--
Toomas Aas | toomas.aas at raad.tartu.ee | http://www.raad.tartu.ee/~toomas/
* Tell me what you need, and I'll tell you how to get along without it.
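
An added example, not part of the original post: one way to find when the floods happen by scanning /var/log/named for per-second bursts of the "sysquery: no addrs found for root NS" message. The timestamp layout, the threshold, and the names `find_bursts` and `sample_log` are assumptions for illustration; adjust `LINE_RE` to match the lines your named actually writes.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Assumed line layout for a channel with print-time yes / print-severity yes:
#   19-Dec-2003 09:35:35.104 info: sysquery: no addrs found for root NS
LINE_RE = re.compile(r"^(\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ \S+: (.*)$")
FLOOD_MSG = "sysquery: no addrs found for root NS"

def find_bursts(lines, threshold=100, gap=timedelta(seconds=5)):
    """Return [(start, end, total)] for runs of seconds in which FLOOD_MSG
    appears at least `threshold` times; runs closer than `gap` are merged."""
    per_second = Counter()
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m or not m.group(2).startswith(FLOOD_MSG):
            continue  # unparseable line or unrelated message
        per_second[datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S")] += 1
    bursts = []
    for ts in sorted(t for t, n in per_second.items() if n >= threshold):
        if bursts and ts - bursts[-1][1] <= gap:
            start, _, total = bursts[-1]
            bursts[-1] = (start, ts, total + per_second[ts])
        else:
            bursts.append((ts, ts, per_second[ts]))
    return bursts

def sample_log():
    """Constructed sample: a quiet line, a 3-second flood with a weak tail,
    a second flood half an hour later, and one malformed line."""
    out = ["19-Dec-2003 09:00:00.000 info: starting"]
    for sec in (10, 11, 12):
        out += [f"19-Dec-2003 09:00:{sec:02d}.{i:03d} info: {FLOOD_MSG}"
                for i in range(150)]
    out += [f"19-Dec-2003 09:00:13.{i:03d} info: {FLOOD_MSG}" for i in range(20)]
    out += [f"19-Dec-2003 09:30:00.{i:03d} info: {FLOOD_MSG}" for i in range(200)]
    out.append("garbage line without a timestamp")
    return out

if __name__ == "__main__":
    # Replace sample_log() with open("/var/log/named") to scan a real file.
    for start, end, total in find_bursts(sample_log()):
        print(f"{start} .. {end}: {total} flood lines")
```

The burst start and end times can then be compared against forwarder outages or other events on the ISP side.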