[MOBY-dev] question for moby devs/architects regarding use of DNS

Chris Dagdigian dag at sonsorol.org
Wed Nov 29 14:20:46 UTC 2006


Hi folks,

I just installed a new firewall (or in fancy terms 'unified threat
management appliance') upstream of the main open-bio.org servers.

One of the more interesting reports so far is that a number of IP
addresses have been opening up very large numbers of TCP connections
to the main open-bio.org web/DNS/mailserver. We are talking about
256+ simultaneous TCP sessions heading our way from the same remote IP
address.

Some of this is just web spidering and FTP mirroring but quite a bit  
of the traffic (oddly enough) is DNS related.

We have an open DNS server and it is quite likely that people have  
found this out and are using us for recursive DNS queries. It is  
actually pretty easy to constrain/lock this down but that DNS server  
is also the primary nameserver for biomoby.org and the very special  
LSID SVR identifier used for LSID discovery operations.

I guess I have the following questions/requests for the moby expert  
community:

(1) In the way that moby is architected is it expected that either  
clients or servers would generate lots of DNS traffic for  
biomoby.org? If what I am seeing is 'normal' then I just want to  
leave things alone.

(2) How popular is LSID? Could services making use of the 'lsid' SVR
record be responsible for lots of DNS traffic? Like 256+ sessions
from the same IP?

(3) I am going to reconfigure the DNS server so that we don't  
recursively answer DNS requests for other domains (like 'cnn.com'  
etc.) while still allowing anyone in the world to query the  
biomoby.org DNS zone.  Can the moby developers/leaders elect a point  
person that I can remain in contact with while we do this work? I  
want to make sure that we don't affect/break moby services while this  
work is done.

Thanks!

-Chris
OBF
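
An added example, not part of the original message: a check for the change described in question (3), classifying DNS responses by their header flags to confirm that recursion for outside names such as cnn.com is refused while biomoby.org is still answered authoritatively. The response bytes are constructed samples, and the function names and verdict labels are hypothetical.

```python
import struct

RD, RA, AA, QR = 0x0100, 0x0080, 0x0400, 0x8000  # DNS header flag bits (RFC 1035)

def build_query(name, txid=0x1234):
    """DNS A/IN query with RD set, as a client asking for recursion would send."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def parse_header(msg):
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"qr": bool(flags & QR), "aa": bool(flags & AA), "ra": bool(flags & RA),
            "rcode": flags & 0x000F, "ancount": an}

def classify(resp, in_zone):
    """Judge one response; in_zone says whether the name belongs to a hosted zone."""
    h = parse_header(resp)
    if not h["qr"]:
        return "not-a-response"
    if in_zone:
        # NOERROR or NXDOMAIN with AA set: the zone is still served to everyone.
        return "zone-served" if h["aa"] and h["rcode"] in (0, 3) else "zone-broken"
    # Out-of-zone name: answers or the RA bit mean recursion is still offered.
    if h["ra"] or (h["rcode"] == 0 and h["ancount"] > 0):
        return "open-recursion"
    return "recursion-closed"  # e.g. REFUSED (rcode 5) or a bare referral

def constructed_response(query, flags, answers=0):
    """Constructed sample: echo the question, set flags, append A records (192.0.2.1)."""
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    header = query[:2] + struct.pack("!HHHHH", flags, 1, answers, 0, 0)
    return header + query[12:] + rr * answers

def audit():
    zone_q, other_q = build_query("biomoby.org"), build_query("cnn.com")
    return {
        "before, cnn.com": classify(constructed_response(other_q, QR | RD | RA, 1), False),
        "after, cnn.com": classify(constructed_response(other_q, QR | RD | 5), False),
        "after, biomoby.org": classify(constructed_response(zone_q, QR | RD | AA, 1), True),
    }

if __name__ == "__main__":
    for case, verdict in audit().items():
        print(f"{case}: {verdict}")
```

Against a live server, the bytes from `build_query` would be sent over UDP port 53 and the reply passed to `classify`.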






