[dns-operations] annoying DDoS attack on ns0.rfc1035.com

Tony Finch dot at dotat.at
Mon Jun 11 12:48:26 UTC 2012

Jim Reid <jim at rfc1035.com> wrote:
> I posted here to see if anyone else is experiencing this behaviour or can
> identify the root cause. DDoS attacks against "important" name servers are
> fairly common. Could the bad guys now be picking easier targets that may be
> more likely to fall over? And why pick on my name server which has never done
> anyone any harm?

We've been getting 1000-3000 queries per second for cam.ac.uk for at least
the last ten days or so. We have deployed DNSSEC so the responses are
fairly chunky 2KB fragmented UDP packets.

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Portland: Variable 3 or 4, becoming northerly or northwesterly 4 or 5,
occasionally 6 in east. Slight or moderate. Occasional rain. Moderate or good,
occasionally poor.

More information about the dns-operations mailing list