message ``sendto failed: Invalid argument''
Miek Gieben
miek at miek.nl
Tue Feb 7 13:20:42 UTC 2006
[On 06 Feb, @20:08, Peter Koch wrote in "Re: message ``sendto failed: I ..."]
> On Mon, Jan 30, 2006 at 11:03:46AM +0100, Arnt Gulbrandsen wrote:
> > After all, anyone with access to the source can DOS nsd perfectly well
> > as it is.
>
> it's a general trade-off between logging and being able to recognize problems
> and silence and the absence of such opportunity. The general problem can
> be solved by rate limiting error messages, which in turn requires more state
> which opens another DoS path etc.
well said.
Rate limiting log messages == feature creep, so that will be probably
never be implemented (in NSD).
> Would those CPU cycles necessary to enhance the currrent message be critical?
as a respons to this thread, I've added a few lines that explicitly
check for port == 0 and if so drop the current query on the floor. But
now I get the feeling that even this is too much and the old behavoir
wasn't that bad.
--
grtz,
- Miek
http://www.miek.nl http://www.nlnetlabs.nl
PGP: 6A3C F450 6D4E 7C6B C23C F982 258B 85CF 3880 D0F6
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20060207/74698671/attachment.bin>
More information about the nsd-users
mailing list