Date:      Fri, 19 Dec 2003 19:35:27 +0200
From:      "Toomas Aas" <toomas.aas@raad.tartu.ee>
To:        "Robert Eckardt" <Robert.Eckardt@Robert-Eckardt.de>
Cc:        questions@freebsd.org
Subject:   Re: DOS of named
Message-ID:  <200312191735.hBJHZVWw026735@lv.raad.tartu.ee>
In-Reply-To: <20031216191701.M14568@Robert-Eckardt.de>

Hi!

> what measures can I take against this irregular appearing Denial-Of-Service
> attacks of named which is filling my logfiles (messages, daemon, all.log)
> with messages like "sysquery: no addrs found for root NS" for minutes
> at a rate of 4000 lines/sec?

Here's what I have done on my FreeBSD 4.8 machines.

Put the following in /etc/namedb/named.conf:

-----------------------< cut >-----------------------
logging {
        channel everything {
                file "/var/log/named"
                        versions 5
                        size 4m;
                severity info;
                print-category no;
                print-severity yes;
                print-time yes;
        };
        category default {
                everything;
        };
};
-----------------------< cut >-----------------------

This, as you understand, configures named to log its messages to file 
/var/log/named (bypassing syslogd), doesn't allow the log file to grow 
larger than 4 MB and keeps 5 previous versions of the file.

The errors still happen, but at least your /var partition won't fill 
up.

> Thus, nothing to solve the problem or to find the true cause.

I've gone through the same path you have, with similar results. It is 
interesting to mention that I have three servers (now 
4.8-RELEASE-p13) running named (from base system) on FreeBSD, two of 
them using ISP A and one using ISP B (respective ISP's name servers 
configured as forwarders in named.conf). The problem happens with both 
servers behind ISP A, but has never happened to the one behind ISP B.
--
Toomas Aas | toomas.aas@raad.tartu.ee | http://www.raad.tartu.ee/~toomas/
* Tell me what you need, and I'll tell you how to get along without it.
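
Added example, not part of the original message: once named logs to its own file with print-time enabled, as in the configuration above, the flood can be located in time so the bursts can be compared against forwarder or ISP events. The timestamp prefix, the threshold of 100 lines per second, the 5 second merge gap and the sample lines are assumptions made for this sketch.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

MARKER = "sysquery: no addrs found for root NS"  # message text quoted in the thread
# Assumed line prefix written by print-time yes: "16-Dec-2003 19:00:01.000 ..."
STAMP = re.compile(r"^(\d{2})-([A-Z][a-z]{2})-(\d{4}) (\d{2}):(\d{2}):(\d{2})")
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}


def per_second_counts(lines):
    """Count MARKER lines per whole second; skip lines without a timestamp."""
    counts = Counter()
    for line in lines:
        m = STAMP.match(line)
        if MARKER not in line or not m or m.group(2) not in MONTHS:
            continue
        day, mon, year, hh, mm, ss = m.groups()
        counts[datetime(int(year), MONTHS[mon], int(day),
                        int(hh), int(mm), int(ss))] += 1
    return counts


def find_bursts(lines, threshold=100, max_gap=5):
    """Return (first_second, last_second, lines) for each flood burst.

    A second is "hot" when it has at least `threshold` MARKER lines; hot
    seconds no more than `max_gap` seconds apart are merged into one burst.
    """
    counts = per_second_counts(lines)
    bursts = []
    for t in sorted(s for s, n in counts.items() if n >= threshold):
        if bursts and t - bursts[-1][1] <= timedelta(seconds=max_gap):
            bursts[-1][1] = t
            bursts[-1][2] += counts[t]
        else:
            bursts.append([t, t, counts[t]])
    return [tuple(b) for b in bursts]


def constructed_sample():
    """Constructed log lines (not real data): two bursts plus background noise."""
    def rep(stamp, n):
        return [f"{stamp}.000 info: {MARKER}"] * n
    return (rep("16-Dec-2003 19:00:01", 150) + rep("16-Dec-2003 19:00:02", 200)
            + rep("16-Dec-2003 19:10:00", 3) + rep("16-Dec-2003 19:30:00", 120)
            + ["16-Dec-2003 19:31:00.000 info: Ready to answer queries.",
               "truncated line " + MARKER])
```

On a real system, pass the lines of /var/log/named and its rotated versions to find_bursts() instead of the constructed sample.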