[dns-operations] Queries for isc.org/ANY/IN
Paul J. Smith
pjsmith at mtgsy.net
Mon Jan 9 08:15:31 UTC 2012
I think you'll find most of these are apnic blocks. Quite a few providers including ourselves have been seeing this traffic for a month or so now. They are making ANY requests for many, many domains at a great rate. We certainly see 1000's of requests per second. Mostly 5 minute peaks, but sometimes longer. Starts around 4am our time, carries on for 14 hours or so, stops, re-starts the next day.
-----Original Message-----
From: dns-operations-bounces at lists.dns-oarc.net [mailto:dns-operations-bounces at lists.dns-oarc.net] On Behalf Of Sebastian Wiesinger
Sent: 08 January 2012 23:46
To: DNS Operations
Subject: [dns-operations] Queries for isc.org/ANY/IN
Hello,
I'm noticing a spike in queries for isc.org/ANY/IN on my DNS server.
These are refused but I wonder what is up? I read that there was a
(attempted) DDoS with these kind of queries in the past, is ist
starting up again?
These queries suddenly started on January 2nd, you can see it here:
http://www.karotte.org/pics/isc-queries.png
There are the Top 10 clients for this query in the last 24 hours:
2476 69.4.233.53
2120 76.10.210.231
1301 212.7.194.14
926 176.31.235.155
534 68.68.27.29
457 174.127.73.147
232 78.159.111.189
143 174.127.88.134
95 69.4.230.111
79 46.105.9.242
Regards
Sebastian
--
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant
_______________________________________________
dns-operations mailing list
dns-operations at lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
More information about the dns-operations
mailing list