[dns-operations] annoying DDoS attack on ns0.rfc1035.com
Paul J. Smith
pjsmith at mtgsy.net
Sun Jun 10 10:08:01 UTC 2012
Nope - I tested this some time ago - mail delivery from certain large providers will fail as they don't do MX requests, even if the ANY fail's it seems.
-----Original Message-----
From: dns-operations-bounces at lists.dns-oarc.net [mailto:dns-operations-bounces at lists.dns-oarc.net] On Behalf Of DTNX Postmaster
Sent: 10 June 2012 11:07
To: DNS Operations List
Subject: Re: [dns-operations] annoying DDoS attack on ns0.rfc1035.com
On Jun 10, 2012, at 10:59, Dobbins, Roland wrote:
> On Jun 10, 2012, at 3:45 PM, Jim Reid wrote:
>
>> And why pick on my name server which has never done anyone any harm?
>
> They're just looking for ANY records, there's no rhyme or reason to it. They're spoofing the IP address of the target they're attacking - they're using your server for reflection/amplification.
>
> Do you really need to respond to ANY queries - especially when your servers are being abused?
Are there any downsides to not responding to 'ANY' queries? A client
should retry with a more focused query AFAIK, but does that actually
happen in practice?
Cya,
Jona
_______________________________________________
dns-operations mailing list
dns-operations at lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
More information about the dns-operations
mailing list