message ``sendto failed: Invalid argument''

Miek Gieben miek at
Tue Feb 7 13:20:42 UTC 2006

[On 06 Feb, @20:08, Peter Koch wrote in "Re: message ``sendto failed: I ..."]
> On Mon, Jan 30, 2006 at 11:03:46AM +0100, Arnt Gulbrandsen wrote:
> > After all, anyone with access to the source can DOS nsd perfectly well 
> > as it is.
> it's a general trade-off between logging and being able to recognize problems
> and silence and the absence of such opportunity. The general problem can
> be solved by rate limiting error messages, which in turn requires more state
> which opens another DoS path etc.

well said. 

Rate limiting log messages == feature creep, so that will be probably
never be implemented (in NSD). 

> Would those CPU cycles necessary to enhance the currrent message be critical? 

as a respons to this thread, I've added a few lines that explicitly
check for port == 0 and if so drop the current query on the floor. But
now I get the feeling that even this is too much and the old behavoir
wasn't that bad.

  - Miek    
  PGP: 6A3C F450 6D4E 7C6B C23C  F982 258B 85CF 3880 D0F6
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <>

More information about the nsd-users mailing list