[dns-operations] New subscribers

bert hubert bert.hubert at netherlabs.nl
Tue Jan 11 11:47:24 UTC 2011

On Mon, Jan 10, 2011 at 09:37:47AM -0600, John Kristoff wrote:
> > It's almost cerrtainly a attempted DNS amplification attack.  The
> I suspect in this particular case it was no an amplification attack,
> because it was aimed at one or more resolvers that will not answer at
> all.  At best they would refused response.  I suspect it was some sort
> of exploratory scanning, just not sure who was doing or why.  Sometimes
> folks come forward, sometimes not.  :-)

A big resolver operator reported 5000 incoming ISC.ORG/ANY queries/second on
his very much production servers.  Goes a bit beyond exploratory scanning.

Oddly enough, this attack did take down some resolvers (but not PowerDNS, in
this case). The reason is unknown, the query was being cached effectively.


More information about the dns-operations mailing list