[dns-operations] what type of attack is this?

[Jim Reid]

On 9 Aug 2013, at 09:14, Ken Peng <pyh2 at att.net> wrote:

> My nameservers are auth-only. that means we are the auth-servers for that domain.

=> you have to answer those queries. If you think you're getting flooded, consider blacklisting the source IP addresses or using traffic shaping or applying DNS rate-limiting. Or some combination of these. You might try finding out who's sending the extra traffic and ask them to fix things.