Jan-Peter,

> I just noticed BotNet (0.8) causing SA timeouts


> Then it just hangs for quite some time and finally runs into the
> timeout. Any idea?


A known problem, it uses a default timeout of Net:NS,
which is very long for certain unresolvable DNS queries.
Try the following patch:


--- Botnet.pm.ori 2007-08-06 15:59:16.000000000 +0200
+++ Botnet.pm 2007-08-06 16:02:43.000000000 +0200
@@ -711,5 +711,14 @@
(defined $max) &&
($max =~ /^-?\d+$/) ) {
- $resolver = Net:NS::Resolver->new();
+ $resolver = Net:NS::Resolver->new(
+ udp_timeout => 5,
+ tcp_timeout => 5,
+ retrans => 0,
+ retry => 1,
+ persistent_tcp => 0,
+ persistent_udp => 0,
+ dnsrch => 0,
+ defnames => 0,
+ );
if ($query = $resolver->search($name, $type)) {
# found matches
@@ -834,5 +843,14 @@
my ($ip) = @_;
my ($query, @answer, $rr);
- my $resolver = Net:NS::Resolver->new();
+ my $resolver = Net:NS::Resolver->new(
+ udp_timeout => 5,
+ tcp_timeout => 5,
+ retrans => 0,
+ retry => 1,
+ persistent_tcp => 0,
+ persistent_udp => 0,
+ dnsrch => 0,
+ defnames => 0,
+ );
my $name = "";



Mark