From owner-freebsd-security Wed Jan 22 11:28:10 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DD1FA37B405 for ; Wed, 22 Jan 2003 11:28:07 -0800 (PST) Received: from fubar.adept.org (fubar.adept.org [63.147.172.249]) by mx1.FreeBSD.org (Postfix) with ESMTP id 46CF143EB2 for ; Wed, 22 Jan 2003 11:28:07 -0800 (PST) (envelope-from mike@adept.org) Received: by fubar.adept.org (Postfix, from userid 1001) id 66CCC15333; Wed, 22 Jan 2003 11:27:38 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by fubar.adept.org (Postfix) with ESMTP id 6605415315 for ; Wed, 22 Jan 2003 11:27:38 -0800 (PST) Date: Wed, 22 Jan 2003 11:27:38 -0800 (PST) From: Mike Hoskins To: freebsd-security@FreeBSD.ORG Subject: Re: Limiting icmp unreach response from 231 to 200 packets per second In-Reply-To: <014b01c2c182$b93b5da0$34a8a8c0@melim.com.br> Message-ID: <20030122112600.G12348-100000@fubar.adept.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, 21 Jan 2003, Ronan Lucio wrote: > > 1. BIND crashes. > > 2. DNS requests keep coming in, at a rate of 231 per second. > > 3. FreeBSD limits the number of icmp unreach responses, and tells you. > > 4. You restart BIND, and messages go away. > > I can't answer why step #1 occured, but I can assure you that #2 through > > #4 are natural results of #1, and are nothing to worry about it. See bind9-users for that. (Recent discussion.) > I think a good solution is install a DJB DNS Cache and leave it > just to answer DNS queries. If you can stand DJB's rhetoric. Sure, he seems like a smart enough guy... If he wasn't such an a$$. I guess that's a problem with a lot of "smart" people though. -- Mike Hoskins This message is RFC 1855 compliant, mike@adept.org www.adept.org/pub/rfcs/rfc1855.html To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message