[dns-operations] annoying DDoS attack on ns0.rfc1035.com

DTNX Postmaster postmaster at dtnx.net
Sun Jun 10 10:06:47 UTC 2012

On Jun 10, 2012, at 10:59, Dobbins, Roland wrote:

> On Jun 10, 2012, at 3:45 PM, Jim Reid wrote:
>> And why pick on my name server which has never done anyone any harm?
> They're just looking for ANY records, there's no rhyme or reason to it.  They're spoofing the IP address of the target they're attacking - they're using your server for reflection/amplification.
> Do you really need to respond to ANY queries - especially when your servers are being abused?

Are there any downsides to not responding to 'ANY' queries? A client 
should retry with a more focused query AFAIK, but does that actually 
happen in practice?


More information about the dns-operations mailing list