Paul, I'm sorry if this is JUST to BIND or some other specific software. But, IMHO this is just a sample that requests which only generate NXDOMAIN responds. According to someone's presentation on NANOG ("DNS anomailies and their impact on DNS Cache Server" ), such record may be type of attack. If we only rely on cacheing to remove paient of CPU time, cache server load will be increased. So, what I'm tryting to ask is , is there some mechanism proposed to deal with such problem? BIND is just a sample. joe --- Paul Vixie <vixie@vix.com> wrote:
joe_hznm@yahoo.com.sg (Joe Shen) writes:
I'm using BIND9.2.5 & BIND9.3.1 on two Solaris box, each box has two CPUs installed. it's found BIND8.4.6 running on one CPU could reach the throughput of BIND9.*.* running on two CPUs.
Could we improve server throughput or lower lower the effect of those requests on NXDOMAIN?
yes. but "we" isn't nanog. can you take your bind-specific questions to a bind-related mailing list or newsgroup? www.isc.org has pointers. -- Paul Vixie
__________________________________________________ Do You Yahoo!? Log on to Messenger with your mobile phone! http://sg.messenger.yahoo.com