[dns-operations] annoying DDoS attack on ns0.rfc1035.com
Paul J. Smith
pjsmith at mtgsy.net
Sun Jun 10 10:08:01 UTC 2012
Nope - I tested this some time ago - mail delivery from certain large providers will fail as they don't do MX requests, even if the ANY fails, it seems.
From: dns-operations-bounces at lists.dns-oarc.net [mailto:dns-operations-bounces at lists.dns-oarc.net] On Behalf Of DTNX Postmaster
Sent: 10 June 2012 11:07
To: DNS Operations List
Subject: Re: [dns-operations] annoying DDoS attack on ns0.rfc1035.com
On Jun 10, 2012, at 10:59, Dobbins, Roland wrote:
> On Jun 10, 2012, at 3:45 PM, Jim Reid wrote:
>> And why pick on my name server which has never done anyone any harm?
> They're just looking for ANY records, there's no rhyme or reason to it. They're spoofing the IP address of the target they're attacking - they're using your server for reflection/amplification.
> Do you really need to respond to ANY queries - especially when your servers are being abused?
Are there any downsides to not responding to 'ANY' queries? A client
should retry with a more focused query AFAIK, but does that actually
happen in practice?
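
An added example, not part of the original thread: one way an operator could spot the reflection pattern described above by counting ANY queries per apparent source in a query log. The BIND-style log layout, the sample lines, the addresses and the thresholds are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in BIND 9 querylog style; all addresses are documentation ranges.
SAMPLE_LOG = """\
10-Jun-2012 10:07:58.101 client 192.0.2.10#4444: query: example.com IN ANY +E (198.51.100.53)
10-Jun-2012 10:07:58.102 client 192.0.2.10#4444: query: example.com IN ANY +E (198.51.100.53)
10-Jun-2012 10:07:58.140 client 203.0.113.7#53012: query: example.com IN MX + (198.51.100.53)
10-Jun-2012 10:07:58.150 client 192.0.2.10#4444: query: example.com IN ANY +E (198.51.100.53)
10-Jun-2012 10:07:58.200 client 203.0.113.9#40111: query: example.com IN ANY + (198.51.100.53)
10-Jun-2012 10:07:58.201 client 192.0.2.10#4444: query: example.com IN ANY +E (198.51.100.53)
10-Jun-2012 10:07:58.230 client 203.0.113.7#53013: query: www.example.com IN A + (198.51.100.53)
10-Jun-2012 10:07:58.260 client 192.0.2.10#4444: query: example.com IN ANY +E (198.51.100.53)
"""

# Tolerates the optional "@0x..." and "(qname)" fields that newer BIND releases add.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<src>[0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?"
    r": query: (?P<name>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

def any_query_sources(log_text, threshold=3, min_ratio=0.8):
    """Return {source: ANY count} for sources that send mostly ANY queries.

    In a reflection attack the logged source is spoofed, so a flagged address
    is the likely victim of the attack, not the host generating the traffic.
    threshold and min_ratio are illustrative values, not recommendations.
    """
    total, any_count = Counter(), Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line
        src = m.group("src")
        total[src] += 1
        if m.group("qtype").upper() == "ANY":
            any_count[src] += 1
    return {
        src: n
        for src, n in any_count.items()
        if n >= threshold and n / total[src] >= min_ratio
    }

if __name__ == "__main__":
    for src, n in sorted(any_query_sources(SAMPLE_LOG).items()):
        print(f"{src}: {n} ANY queries (probable spoofed source / reflection target)")
```

A source that sends a single ANY query, like 203.0.113.9 in the sample, stays below the threshold and is not flagged.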