Named service causes high CPU load: client query (cache) '/ANY/IN' denied

Created:

2017-02-22 09:17:09 UTC

Modified:

2017-08-08 13:08:59 UTC

0

Was this article helpful?


Have more questions?

Submit a request

Named service causes high CPU load: client query (cache) '/ANY/IN' denied

Applicable to:

  • Plesk for Linux

Symptoms

Named service causes high CPU load.

Significant number of DNS requests from external clients regarding zones that are not hosted on the Plesk server. Recursion (type of requests for these kind of zones) is disabled for external clients. In /var/log/messages , it appears like the following multiple records:

Feb 21 21:27:32 server named[2134]: client 203.0.113.2#4444 (example.com): query (cache) 'example.com/ANY/IN' denied
Feb 21 21:27:32 server named[2134]: client 203.0.113.2#4444 (example.com): query (cache) 'example.com/ANY/IN' denied
Feb 21 21:27:32 server named[2134]: client 203.0.113.2#4444 (example.com): query (cache) 'example.com/ANY/IN' denied
Feb 21 21:27:32 server named[2134]: client 203.0.113.2#4444 (example.com): query (cache) 'example.com/ANY/IN' denied
Feb 21 21:27:32 server named[2134]: client 203.0.113.2#4444 (example.com): query (cache) 'example.com/ANY/IN' denied

Cause

Recursive requests from external clients are handled on the application level (by named service) causing high CPU load.

Resolution

Install fail2ban to block such malicious requests on the network level to free up CPU resources. the following should be done:

1. Install Fail2Ban component using Plesk installer

2. Create a new jail for DNS service using instructions from Plesk documentation

Have more questions? Submit a request

2 Comments

Please sign in to leave a comment.