[dns-operations] annoying DDoS attack on ns0.rfc1035.com

Paul J. Smith pjsmith at mtgsy.net
Sun Jun 10 10:08:01 UTC 2012

Nope - I tested this some time ago - mail delivery from certain large providers will fail as they don't do MX requests, even if the ANY fail's it seems.

-----Original Message-----
From: dns-operations-bounces at lists.dns-oarc.net [mailto:dns-operations-bounces at lists.dns-oarc.net] On Behalf Of DTNX Postmaster
Sent: 10 June 2012 11:07
To: DNS Operations List
Subject: Re: [dns-operations] annoying DDoS attack on ns0.rfc1035.com

On Jun 10, 2012, at 10:59, Dobbins, Roland wrote:

> On Jun 10, 2012, at 3:45 PM, Jim Reid wrote:
>> And why pick on my name server which has never done anyone any harm?
> They're just looking for ANY records, there's no rhyme or reason to it.  They're spoofing the IP address of the target they're attacking - they're using your server for reflection/amplification.
> Do you really need to respond to ANY queries - especially when your servers are being abused?

Are there any downsides to not responding to 'ANY' queries? A client 
should retry with a more focused query AFAIK, but does that actually 
happen in practice?


dns-operations mailing list
dns-operations at lists.dns-oarc.net
dns-jobs mailing list

More information about the dns-operations mailing list