SUN RPC + bind = millions of datagrams

Craig Partridge (craig@NNSC.NSF.NET)
Thu, 27 Oct 88 13:18:46 -0400

Hi folks:

    Some of you may have encountered a phenomenon where a SUN system
blasts away your domain nameserver with thousands or even millions (yes
it's been observed) of domain queries.

    I know of at least three such cases on the Internet in the past two
weeks. In all three cases a host at one end of the Internet was blasting
a nameserver at the other end (when NSFNET was in the middle of one of
these experiences the backbone traffic jumped by a factor of 2).

    The problem appears to be with using SUN RPC to resolve domain
names. SUN RPC has no "soft error" mode, so if the server doesn't reply,
it just keeps asking -- forever. If this happens in telnet or ftp,
that's OK -- the user will kill the program (and thus the RPC call)
eventually. But if it happens in your SMTP or TELNET daemon, well,
you (and the net) have a problem.

    The fix appears to be to replace the SUN-provided gethostbyXXXX routines
in your shared libc with the domain versions. SUN Customer Support can
apparently provide you with such a "fixed" libc.


PS: Many thanks to the folks at SUN who helped me get this information.
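
The "soft error" behaviour the message says SUN RPC lacks, as an added example (not code from the original message, SUN, or the resolver library): a lookup loop that caps the number of datagrams, backs off between retries, and returns an error to the caller when the server stays silent. The names lookup, retry_policy, fake_server and demo, and the 5 s / 40 s timeout values, are hypothetical, and the nameserver is a constructed stand-in.

```c
/* Hypothetical transport hook: send one query datagram and wait up to
 * timeout_ms for a reply. Returns 1 on reply, 0 on timeout. */
typedef int (*send_query_fn)(void *ctx, unsigned timeout_ms);

enum lookup_status { LOOKUP_OK, LOOKUP_SOFT_ERROR };
struct retry_policy {
    unsigned max_tries;        /* hard cap on datagrams per lookup */
    unsigned first_timeout_ms; /* wait after the first query */
    unsigned max_timeout_ms;   /* ceiling for the doubled timeout */
};

/* Bounded retries with exponential backoff; a silent server yields a
 * soft error the caller can handle instead of an endless query loop. */
enum lookup_status lookup(send_query_fn send, void *ctx,
                          const struct retry_policy *p, unsigned long *sent)
{
    unsigned timeout = p->first_timeout_ms;
    *sent = 0;
    for (unsigned i = 0; i < p->max_tries; i++) {
        (*sent)++;
        if (send(ctx, timeout))
            return LOOKUP_OK;
        timeout = (timeout > p->max_timeout_ms / 2) ? p->max_timeout_ms : timeout * 2;
    }
    return LOOKUP_SOFT_ERROR;
}

/* Constructed stand-in for a nameserver: silent for the first `silent` queries. */
struct fake_server { unsigned long silent, seen, waited_ms; };
static int fake_send(void *ctx, unsigned timeout_ms)
{
    struct fake_server *s = ctx;
    if (++s->seen > s->silent)
        return 1;
    s->waited_ms += timeout_ms;  /* simulated time spent waiting */
    return 0;
}

struct demo_result { enum lookup_status status; unsigned long sent, waited_ms; };
struct demo_result demo(unsigned long silent, unsigned max_tries)
{
    struct retry_policy p = { max_tries, 5000, 40000 };  /* assumed values */
    struct fake_server s = { silent, 0, 0 };
    struct demo_result r;
    r.status = lookup(fake_send, &s, &p, &r.sent);
    r.waited_ms = s.waited_ms;
    return r;
}

int main(void) { return demo(1000000UL, 4).status == LOOKUP_SOFT_ERROR ? 0 : 1; }
```

A daemon calling such a routine sends at most max_tries datagrams per lookup and can defer or reject the connection on LOOKUP_SOFT_ERROR.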

