[MOBY-dev] question for moby devs/architects regarding use of DNS
Chris Dagdigian
dag at sonsorol.org
Wed Nov 29 14:20:46 UTC 2006

Hi folks,

I just installed a new firewall (or in fancy terms 'unified threat
management appliance') upstream of the main open-bio.org servers.

One of the more interesting reports so far is that a number of IP
addresses have been opening up very large numbers of TCP connections
to the main open-bio.org web/DNS/mailserver. We are talking about 256+
simultaneous TCP sessions heading our way from the same remote IP
address.

Some of this is just web spidering and FTP mirroring but quite a bit
of the traffic (oddly enough) is DNS related.

We have an open DNS server and it is quite likely that people have
found this out and are using us for recursive DNS queries. It is
actually pretty easy to constrain/lock this down but that DNS server
is also the primary nameserver for biomoby.org and the very special
LSID SVR identifier used for LSID discovery operations.

I guess I have the following questions/requests for the moby expert
community:

(1) In the way that moby is architected is it expected that either
clients or servers would generate lots of DNS traffic for
biomoby.org? If what I am seeing is 'normal' then I just want to
leave things alone.

(2) How popular is LSID? Could services making use of the 'lsid' SVR
record be responsible for lots of DNS traffic? Like 256+ sessions
from the same IP?

(3) I am going to reconfigure the DNS server so that we don't
recursively answer DNS requests for other domains (like 'cnn.com'
etc.) while still allowing anyone in the world to query the
biomoby.org DNS zone. Can the moby developers/leaders elect a point
person that I can remain in contact with while we do this work? I
want to make sure that we don't affect/break moby services while this
work is done.

Thanks!
-Chris
OBF
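
One way to verify the change described in point (3), as an added example that is not part of the original post: it reads the DNS reply header to confirm that a server still answers authoritatively for its own zone while no longer offering recursion for outside names. All function names and the header-only sample replies are constructed for illustration, and `ask()` takes a server address as a parameter because the post does not give one.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Build a DNS query (class IN, default type A) with the RD bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(reply):
    """Return the AA/RA flags, RCODE and answer count, or None if not a reply."""
    if len(reply) < 12:
        return None
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if not flags & 0x8000:  # QR bit clear: a query, not a response
        return None
    return {"aa": bool(flags & 0x0400), "ra": bool(flags & 0x0080),
            "rcode": flags & 0x000F, "ancount": ancount}

def serves_zone(reply):
    """True when the reply is an authoritative, error-free answer with data."""
    h = parse_header(reply)
    return bool(h and h["aa"] and h["rcode"] == 0 and h["ancount"] > 0)

def recursion_open(reply):
    """True when the server offered recursion (RA set) and did not answer REFUSED."""
    h = parse_header(reply)
    return bool(h and h["ra"] and h["rcode"] != 5)  # RCODE 5 = REFUSED

def audit(own_zone_reply, outside_reply):
    """Pass when the zone is still answered and outside names are not resolved."""
    return serves_zone(own_zone_reply) and not recursion_open(outside_reply)

def ask(server, name, qtype=1, timeout=3.0):
    """Send one UDP query to server:53 and return the raw reply (needs network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), (server, 53))
        return s.recv(512)

def sample_reply(flags, ancount):
    """Constructed header-only reply used for offline checks."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)

AUTH_REPLY = sample_reply(0x8500, 1)     # QR|AA|RD, one answer
OPEN_REPLY = sample_reply(0x8180, 1)     # QR|RD|RA, one answer
REFUSED_REPLY = sample_reply(0x8105, 0)  # QR|RD, RCODE REFUSED
```

Against a live server, `audit(ask(server, "biomoby.org", qtype=6), ask(server, "cnn.com"))` runs the same check with an SOA query for the zone and an A query for an outside name.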