From: Alex Efros
Newsgroups: gmane.comp.sysutils.supervision.general
Subject: Re: dnscache endless resolving loop
Date: Thu, 28 Feb 2008 18:21:48 +0200
Organization: asdfGroup Inc., http://powerman.asdfGroup.com/
Message-ID: <20080228162148.GB27827@home.power>
References: <20080228152254.GA21748@home.power>
To: supervision@list.skarnet.org

Hi!

On Thu, Feb 28, 2008 at 11:16:45AM -0500, Charlie Brady wrote:
>> server")... dnscache runs on 127.0.0.1 so it isn't a remote attack.
>>
>> After all, I got an idea: maybe dnscache is the one who is asking
>> dnscache? :) I did strace, and, yes, it looks like dnscache sends PTR
>> requests to itself in an endless loop.
>
> Move your dnscache to, say, 127.0.0.9, and you will escape this loop.
> Or add an override delegation for that reverse zone, in ./root/servers.

... and repeat this each time something like this happens? :(

Actually, all of this is in fact a remote DoS attack (but not intentional,
of course) on dnscache running on 127.0.0.1. WOW! :)

--
WBR, Alex.
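
An added example, not part of the original message: a log check for the self-query loop discussed above, flagging lookups where dnscache keeps sending queries to its own listening address. It assumes dnscache's `tx` log layout (gluelessness, qtype, name, control zone, then server IPs in hex); the sample log, the zone names and the function names `self_referrals` and `looping` are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample in the assumed dnscache log layout:
#   query <serial> <hex-ip>:<hex-port>:<hex-id> <qtype> <name>
#   tx <gluelessness> <qtype> <name> <control-zone> <hex-server-ip>...
SAMPLE_LOG = """\
query 1 c0a80105:c3a1:1f2e 1 www.example.org.
tx 0 1 www.example.org. example.org. c0000201 c0000202
query 2 7f000001:8f10:0a01 12 4.3.2.10.in-addr.arpa.
tx 0 12 4.3.2.10.in-addr.arpa. 2.10.in-addr.arpa. 7f000001
query 3 7f000001:8f11:0a02 12 4.3.2.10.in-addr.arpa.
tx 0 12 4.3.2.10.in-addr.arpa. 2.10.in-addr.arpa. 7f000001
query 4 7f000001:8f12:0a03 12 4.3.2.10.in-addr.arpa.
tx 0 12 4.3.2.10.in-addr.arpa. 2.10.in-addr.arpa. 7f000001
"""

def self_referrals(log_text, listen_ip="127.0.0.1"):
    """Count tx lines whose server list contains the cache's own address."""
    own = ipaddress.IPv4Address(listen_ip)
    hits = Counter()
    for line in log_text.splitlines():
        f = line.split()
        if f and f[0].startswith("@"):   # drop a multilog timestamp prefix
            f = f[1:]
        if len(f) < 6 or f[0] != "tx":
            continue
        try:
            servers = [ipaddress.IPv4Address(int(h, 16)) for h in f[5:]]
            key = (int(f[2]), f[3].lower(), f[4].lower())
        except ValueError:               # malformed line: skip, do not crash
            continue
        if own in servers:
            hits[key] += 1
    return hits

def looping(log_text, listen_ip="127.0.0.1", threshold=3):
    """Return (qtype, name, zone) keys sent back to ourselves >= threshold times."""
    hits = self_referrals(log_text, listen_ip)
    return sorted(k for k, n in hits.items() if n >= threshold)
```

A hit means the servers recorded for the control zone resolve to the cache's own address, which is the condition the override delegation in `./root/servers` or the move to 127.0.0.9 removes.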