[dns-operations] Queries for isc.org/ANY/IN
Paul J. Smith
pjsmith at mtgsy.net
Mon Jan 9 08:15:31 UTC 2012
I think you'll find most of these are apnic blocks. Quite a few providers including ourselves have been seeing this traffic for a month or so now. They are making ANY requests for many, many domains at a great rate. We certainly see 1000's of requests per second. Mostly 5 minute peaks, but sometimes longer. Starts around 4am our time, carries on for 14 hours or so, stops, re-starts the next day.
From: dns-operations-bounces at lists.dns-oarc.net [mailto:dns-operations-bounces at lists.dns-oarc.net] On Behalf Of Sebastian Wiesinger
Sent: 08 January 2012 23:46
To: DNS Operations
Subject: [dns-operations] Queries for isc.org/ANY/IN
I'm noticing a spike in queries for isc.org/ANY/IN on my DNS server.
These are refused but I wonder what is up? I read that there was a
(attempted) DDoS with these kind of queries in the past, is ist
starting up again?
These queries suddenly started on January 2nd, you can see it here:
There are the Top 10 clients for this query in the last 24 hours:
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant
dns-operations mailing list
dns-operations at lists.dns-oarc.net
dns-jobs mailing list
More information about the dns-operations