[dns-operations] annoying DDoS attack on ns0.rfc1035.com
postmaster at dtnx.net
Sun Jun 10 10:06:47 UTC 2012
On Jun 10, 2012, at 10:59, Dobbins, Roland wrote:
> On Jun 10, 2012, at 3:45 PM, Jim Reid wrote:
>> And why pick on my name server which has never done anyone any harm?
> They're just looking for ANY records, there's no rhyme or reason to it. They're spoofing the IP address of the target they're attacking - they're using your server for reflection/amplification.
> Do you really need to respond to ANY queries - especially when your servers are being abused?
Are there any downsides to not responding to 'ANY' queries? A client
should retry with a more focused query AFAIK, but does that actually
happen in practice?
More information about the dns-operations