[nsp-sec] Abnormal increase of DNS query around 13:00 ~ 15:00 (GMT +00:00) May 19th ?
Florian Weimer
fweimer at bfk.de
Fri May 22 09:29:42 EDT 2009
* Sean Danella:
> It sounds similar to what happened when microsoft.com was expired a
> number of years ago, and the constant repeated queries against higher
> name servers looked like a DOS attack. I thought most DNS code was
> improved with negative caching to reduce the problem. Was the "fixed"
> code not widely implemented in China or did the fix not work?
Negative caching is not universally deployed. For instance, BIND does
not cache DNSSEC validation failures. I would expect that some
implementations probe aggressively to see if a supposedly temporary
error condition has ceased (like total lack of a response, or a
SERVFAIL response).
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
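
An added example, not part of the original message: a toy Python model of the effect discussed in this thread, counting how many queries a caching resolver sends upstream during an outage when it does and does not cache SERVFAIL responses. The resolver class, the query rate, the outage length and the name `www.example.test` are all constructed assumptions, not measurements from the incident.

```python
from dataclasses import dataclass, field


@dataclass
class Resolver:
    """Toy caching resolver; failure_ttl=0 means failures are never cached."""
    failure_ttl: int = 0
    upstream_queries: int = 0
    _fail_until: dict = field(default_factory=dict)

    def resolve(self, name, now, upstream):
        # A still-valid cached failure is answered locally, with no upstream query.
        if self._fail_until.get(name, -1) > now:
            return "SERVFAIL"
        self.upstream_queries += 1
        answer = upstream(name, now)
        # Remember the failure only if failure caching is enabled.
        if answer == "SERVFAIL" and self.failure_ttl > 0:
            self._fail_until[name] = now + self.failure_ttl
        return answer


def simulate(failure_ttl, outage_seconds=600, client_qps=20):
    """Return the number of upstream queries sent during the outage.

    Clients ask for the same name client_qps times per second (constructed
    load); the upstream returns SERVFAIL for the whole outage window.
    """
    def upstream(name, now):
        return "SERVFAIL"

    resolver = Resolver(failure_ttl=failure_ttl)
    for now in range(outage_seconds):
        for _ in range(client_qps):
            resolver.resolve("www.example.test", now, upstream)
    return resolver.upstream_queries


if __name__ == "__main__":
    for ttl in (0, 5, 30):
        print(f"failure_ttl={ttl:>2}s -> {simulate(ttl)} upstream queries")
```

With no failure caching every client query is forwarded, so the upstream load tracks the client query rate for as long as the error persists; even a few seconds of failure caching collapses that to one probe per TTL interval.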