> > I've got a pdns server at one site that is causing me massive headaches.
> > Every morning when the staff come in and start using it (and we're not
> > talking large numbers) it fails to serve external dns and has to be
> > restarted (usually) or rebooted.
>
> Which version of PowerDNS do you run?
>
> The recursor you specify is in fact an open recursor. This means it is
> likely participating in DNS reflection attacks, and might therefore be slow
> at times. From here (in Europe at least) it is very slow, so the timeout
> may actually be real.

Recursors that are being used for attacks often have problems - this is
well known. We have been monitoring our PowerDNS recursors for quite a
while with a very simple script which logs, via crontab every minute,
the number of open sockets for the recursor:

#! /bin/sh
# Find approximate queue length for pdns_recursor, based on number of open sockets
d=`date +'%Y%m%d %H:%M'` ; echo -n $d ""
fstat -p `cat /var/run/pdns_recursor.pid` | wc -l

During <random>.domain attacks we often see the number of open sockets
increase dramatically - and this correlates well with slow(er) replies
to clients. Monitoring this, and lately also via the PowerDNS "Graphing
as a service" offer,

http://blog.powerdns.com/2014/12/11/powerdns-graphing-as-a-service/

has significantly improved our ability to handle these attacks.

Steinar Haug, AS 2116
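
Added example, not part of the original message: one way to turn the per-minute log that the script above produces ("YYYYMMDD HH:MM count") into an alert by flagging minutes where the socket count jumps well above its recent baseline. The function names, the 5-sample window, the 3x factor and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# flag_spikes LOGFILE [WINDOW] [FACTOR]
# Reads lines of the form "YYYYMMDD HH:MM <count>" and prints every line
# whose count exceeds FACTOR times the mean of the previous WINDOW
# non-flagged samples. Flagged samples are kept out of the baseline so a
# long attack does not become the new "normal".
flag_spikes() {
    awk -v win="${2:-5}" -v factor="${3:-3}" '
    NF == 3 && $3 ~ /^[0-9]+$/ {
        if (n >= win) {
            sum = 0
            for (i = n - win; i < n; i++) sum += base[i]
            mean = sum / win
            if ($3 > factor * mean) {
                printf "%s %s %d (baseline %.0f)\n", $1, $2, $3, mean
                next
            }
        }
        base[n++] = $3      # quiet sample: extend the baseline
    }' "$1"
}

# Constructed sample log; the padded counts mimic BSD "wc -l" output.
write_sample_log() {
    cat > "$1" <<'EOF'
20150112 08:55       41
20150112 08:56       44
20150112 08:57       39
20150112 08:58       43
20150112 08:59       43
20150112 09:00       45
20150112 09:01      612
20150112 09:02     1480
20150112 09:03       52
EOF
}

log=$(mktemp)
write_sample_log "$log"
flag_spikes "$log"
rm -f "$log"
```

Run from the same crontab against the real log, the output can be mailed or fed to whatever alerting is already in place.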