[dns-operations] DNS deluge for x.p.ctrc.cc

Geo. geoincidents at nls.net
Wed Mar 1 12:49:33 UTC 2006

> > I mean it seems the firewall that prevents spoofed recursion has to be
> > between the recursive dns server and its local clients. Who has a setup
> > like that?
> I honestly don't understand..
> Do you mean that spoofing doesn't work anymore, or that everyone
> prevents spoofing, or..?

What I'm saying is that with a botnet dns attack, each bot is going to use
its local dns servers so setting the firewall to block remote recursive dns
queries or even spoofed traffic is going to gain you nothing since the
attack is originating from local bots.

You would likely have to run a software firewall on the dns server itself to
prevent this sort of attack. Either that or the dns server software has to
have functionality that allows you to tell it to respond only to local IPs.
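
An added example, not part of the original post: a small Python model of the point made above, showing that a local-only recursion ACL drops remote sources but still passes queries from bots on the local network, while a per-client count taken on the resolver itself separates them. The address ranges, the query sample and the per-client limit are assumptions constructed for the illustration; only the name x.p.ctrc.cc comes from the thread subject.

```python
import ipaddress
from collections import Counter

# Assumed client ranges served by the recursive resolver (constructed).
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample of (source IP, query name) as seen at the resolver.
QUERIES = (
    [("192.0.2.10", "www.example.org"), ("192.0.2.11", "mail.example.org")]
    + [("192.0.2.66", "x.p.ctrc.cc")] * 40   # bot on the local network
    + [("192.0.2.67", "x.p.ctrc.cc")] * 35   # second local bot
    + [("203.0.113.9", "x.p.ctrc.cc")] * 5   # source outside the local ranges
)


def is_local(src):
    """True if the source address falls inside one of the local ranges."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in LOCAL_NETS)


def acl_filter(queries):
    """Local-only recursion ACL: keep only queries from LOCAL_NETS."""
    return [q for q in queries if is_local(q[0])]


def noisy_clients(queries, limit):
    """Count queries per client and return the clients above the limit."""
    counts = Counter(src for src, _ in queries)
    return {src: n for src, n in counts.items() if n > limit}


def summarize(queries, limit=20):
    """Apply the ACL, then the per-client count (limit is an assumed value)."""
    passed = acl_filter(queries)
    return {
        "received": len(queries),
        "passed_acl": len(passed),
        "over_limit": noisy_clients(passed, limit),
    }


if __name__ == "__main__":
    print(summarize(QUERIES))
```
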


