On Thu, Oct 19, 2023 at 11:36:13AM +0200, Steffan via Pdns-users wrote:
> Hello,
>
>
>
> I have 2 dns servers.
> Both running on centos with his own replicated mysql backends
>
>
>
> Yesterday both dns servers stopped responding for 3 minutes.
>
> In the periode of 3 minutes I see a lot of lines for the same domain.
>
> Pdns that was restared by it self and again the fluid of this domain.
>
>
>
> Oct 18 21:40:47 ns1 pdns_server[2135429]: Remote 91.202.230.18 wants
> 'lp2.xxx.com|A', do = 1, bufsize = 1232 (4096): packetcache MISS
>
> Oct 18 21:40:47 ns1 pdns_server[2135429]: Remote 46.51.160.145 wants
> 'ns34.xxx.com|A', do = 1, bufsize = 1232: packetcache MISS
>
> Oct 18 21:40:47 ns1 pdns_server[2135429]: Remote 192.73.240.129 wants
> 'thai.xxx.com|A', do = 1, bufsize = 1232: packetcache MISS
>
> Oct 18 21:40:47 ns1 pdns_server[2135429]: Remote 146.112.128.69 wants
> 'auth-hack.xxx.com|A', do = 1, bufsize = 1232 (1410): packetcache HIT
>
> Oct 18 21:40:47 ns1 pdns_server[2135429]: Remote 117.54.16.252 wants
> 'payments.xxx.com|A', do = 1, bufsize = 1232 (4096): packetcache MISS
>
> Oct 18 21:40:47 ns1 pdns_server[2135429]: Remote 2a02:2f0e:5fff:ffff::2
> wants 'skyline.xxx.com|A', do = 1, bufsize = 1232 (4096): packetcache MISS
>
> Oct 18 21:40:47 ns1 pdns_server[2135429]: Remote 2a04:c602:409:fe::27 wants
> 'app3.xxx.com|A', do = 1, bufsize = 1232: packetcache MISS
Logging each request is not wise, disabling that will probably make
your server be able to handle way more requests per sec.
-Otto
>
>
>
> After this:
>
> Oct 18 21:42:36 ns1 systemd[1]: pdns.service: Service RestartSec=1s expired,
> scheduling restart.
>
> Oct 18 21:42:36 ns1 systemd[1]: pdns.service: Scheduled restart job, restart
> counter is at 59.
>
> Oct 18 21:42:36 ns1 systemd[1]: Stopped PowerDNS Authoritative Server.
>
> Oct 18 21:42:36 ns1 systemd[1]: Starting PowerDNS Authoritative Server...
>
> Oct 18 21:42:36 ns1 rsyslogd[795583]: imjournal: 102527 messages lost due to
> rate-limiting (20000 allowed within 600 seconds)
>
> Oct 18 21:42:36 ns1 systemd[1]: Started PowerDNS Authoritative Server.
>
> Oct 18 21:42:36 ns1 systemd[1]: pdns.service: Main process exited,
> code=exited, status=1/FAILURE
>
> Oct 18 21:42:36 ns1 systemd[1]: pdns.service: Failed with result
> 'exit-code'.
>
> Oct 18 21:42:37 ns1 systemd[1]: pdns.service: Service RestartSec=1s expired,
> scheduling restart.
>
> Oct 18 21:42:37 ns1 systemd[1]: pdns.service: Scheduled restart job, restart
> counter is at 60.
>
> Oct 18 21:42:37 ns1 systemd[1]: Stopped PowerDNS Authoritative Server.
>
> -----
>
>
>
> Oct 18 21:42:51 ns1 systemd[1]: Starting PowerDNS Authoritative Server...
>
> Oct 18 21:42:53 ns1 systemd-journald[218]: Suppressed 80113 messages from
> pdns.service
>
> Oct 18 21:42:53 ns1 pdns_server[2514841]: Failed to retrieve security status
> update for '4.8.2' on 'auth-4.8.2.security-status.secpoll.powerdns.com.':
> RCODE was Server Failure
>
> Oct 18 21:42:53 ns1 pdns_server[2514841]: gmysql Connection successful.
> Connected to database 'powerdns' on '127.0.0.1'.
>
> Oct 18 21:42:53 ns1 pdns_server[2514841]: Creating backend connection for
> TCP
>
> Oct 18 21:42:53 ns1 pdns_server[2514841]: Primary/secondary communicator
> launching
>
> Oct 18 21:42:53 ns1 pdns_server[2514841]: gmysql Connection successful.
> Connected to database 'powerdns' on '127.0.0.1'.
>
> Oct 18 21:42:53 ns1 pdns_server[2514841]: gmysql Connection successful.
> Connected to database 'powerdns' on '127.0.0.1'.
>
> Oct 18 21:42:53 ns1 pdns_server[2514841]: About to create 3 backend threads
> for UDP
>
>
>
> Than again a lot of the same lines for the same domain.
> afther 3:36 minutes dns was responding normaly and the request are back to
> normal.
> So It looks like some kind of attack.
>
> Is there something that I can do to prevent this from the future.
>
>
>
>
>
>
>
>
> Met vriendelijke groet,
>
>
>
> Steffan Noord
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
