Bind 9.4.3 and 2 hr DNS flooding problem

Hi there.

I'm having a problem with my BIND server, where every 2hrs I get flooded with DNS messages such as these:

named[21338]: unexpected RCODE (REFUSED) resolving '48x40.com/MX/IN': 66.196.84.168#53

unexpected RCODE (SERVFAIL) resolving 'ns.ryazan.ru/A/IN': 82.196.129.12#53

named[21338]: lame server resolving '121gigawatts.net' (in '121gigawatts.NET'?): 209.59.180.230#53

named[21338]: FORMERR resolving 'betsgroup.com/MX/IN': 205.178.144.51#53

named[21338]: client 216.240.128.56#1031: no more recursive clients: quota reached



The flood seems to last about 40 seconds, and during that time the quantity of DNS messages is actually causing a mini DoS on one of my firewall interfaces. The firewall actually drops some of the UDP DNS requests:

Dropped UDP DNS reply from outside:xx.xx.xx.xx/53 to dmz:xx.xx.xx.xx/59323; packet length 524 bytes exceeds configured limit of 512 bytes


Does anyone have any idea what would cause this DNS flood every two hours, and what I might do to alleviate the problem?

Thanks in advance!

Hello,

do you have an caching name server ?

I don't believe it's a caching server. I have the 'recursion no' line set in the options section of my named.conf

Hi,

I would prefer an caching name server and what is the kernel you have..?

I'm running an pretty old kernel: 2.6.18-1.2239.fc5

Hey,

when did you get this error while the server gets load ?
or bind fails normally...Did the system update happen frequently..and please
check that the system has upgraded to chroot environment...

these are just hack atempts or least likely that your ip was once a recursive server.

worry more if the errors stop showing up