Help: log keeps reporting no more recursive clients : quota reached

火星人 @ 2014-03-04 , reply:0

Hi everyone, recently my DNS server's log keeps reporting "(specific IP address)no more recursive clients: quota reached".
I don't know how to interpret this!
《Solution》

The operating system is Solaris 8,
BIND 9.2.
《Solution》

Limiting the Number of Clients

Bind 9 gives you the ability to restrict the number of clients your
nameserver will serve concurrently.  You can apply a limit to the number of
recursive clients (resolvers plus name servers using your name server as a
forwarder) with the recursive-clients substatement:

options {
        recursive-clients 10;
};

The default limit is 1000.  If you find your nameserver refusing recursive
queries and logging as shown by the error you've posted, you may want to
increase the limit. Conversely, if you find your nameserver struggling to
keep up with the deluge of recursive queries, you could lower the limit.

You can also apply a limit to the number of TCP connections your name server
will process with the tcp-clients substatement. But TCP connections consume
considerably more resources than UDP because the host needs to track the
state of the TCP connection.

So just increase the recursive-clients substatement.

Is your nameserver a caching nameserver? If it is, maybe it is being used
by others as their DNS, thus making your nameserver reach its maximum
limit. And is it for your local DNS only?
《Solution》

The passage above is from the fourth edition of "DNS and BIND"; I hope it helps you!  ^_^     Don't tell me you can't read English!!!
《Solution》

They are all initiated from the same IP address, so I guess it is an attack? If it is an attack, how do I defend against it?
《Solution》

If you find that it is an attack, you can add this IP address to the blackhole option; the DNS server will then refuse to resolve domain names for this IP address.

This option is set in the named.conf file.
《Solution》

Hackers nowadays all use distributed attack methods, so it is not possible to block a particular address every time, is it? Is it possible to open only a certain port on the DNS device?
《Solution》

Then you can set your DNS server to serve only the users inside your own network. For example, if your internal users' IP range is 10.0.0.0, you can use allow-query { 10.0.0.0;} so that only users in the 10.0.0.0 range can use the DNS.
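
Added example, not part of the original thread: a triage sketch for the question raised above (one source or many?). It tallies the quota messages per client and lists sources outside the served network. The log line layout, the sample lines, the 10.0.0.0/8 prefix and the 75% threshold are assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumption: named logs "client <ip>#<port>: no more recursive clients: quota reached".
QUOTA_RE = re.compile(
    r"client\s+(?:@\S+\s+)?(?P<ip>[0-9A-Fa-f.:]+)#\d+.*no more recursive clients"
)
# Assumption: the network this server should serve (the thread's 10.0.0.0 range, as a /8).
SERVED_NETS = [ip_network("10.0.0.0/8")]

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Mar 04 10:00:01 ns1 named[311]: client 198.51.100.7#1031: no more recursive clients: quota reached
Mar 04 10:00:01 ns1 named[311]: client 198.51.100.7#1032: no more recursive clients: quota reached
Mar 04 10:00:02 ns1 named[311]: client 10.0.3.15#4411: no more recursive clients: quota reached
Mar 04 10:00:02 ns1 named[311]: client 198.51.100.7#1033: no more recursive clients: quota reached
Mar 04 10:00:03 ns1 named[311]: client 198.51.100.7#1034: no more recursive clients: quota reached
Mar 04 10:00:03 ns1 named[311]: client 10.0.3.15#4412: query: example.com IN A
""".splitlines()


def quota_hits(lines):
    """Count quota-reached messages per client address."""
    hits = Counter()
    for line in lines:
        m = QUOTA_RE.search(line)
        if m:
            hits[m.group("ip")] += 1
    return hits


def triage(lines, dominant_share=0.75):
    """Summarise who is exhausting the recursive-clients quota."""
    hits = quota_hits(lines)
    total = sum(hits.values())
    if total == 0:
        return {"total": 0, "pattern": "none", "top": None, "outside": []}
    top_ip, top_count = hits.most_common(1)[0]
    # Sources outside the served networks are the ones an ACL would turn away.
    outside = sorted(
        ip for ip in hits
        if not any(ip_address(ip) in net for net in SERVED_NETS)
    )
    pattern = "single-source" if top_count / total >= dominant_share else "distributed"
    return {"total": total, "pattern": pattern, "top": top_ip, "outside": outside}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A "single-source" result with the top address in `outside` matches the blackhole case discussed in the thread; a "distributed" result with many outside sources points to restricting who may query instead.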
《Solution》

My DNS is on the public network, ^_^!
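《Solution》

Originally posted by "titan1120": Hi everyone, recently my DNS server's log keeps reporting "(specific IP address)no more recursive clients: quota reached". I don't know how to interpret this!

I ran into this problem today too, and it nearly cost me my life.

Your DNS server is built on a private network, right? Does it have an Internet exit?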





http://www.coctec.com/docs/service/show-post-11133.html