[dns-operations] what type of attack is this?

Steven Carr sjcarr at gmail.com
Fri Aug 9 11:31:54 UTC 2013

On 9 August 2013 09:19, Jim Reid <jim at rfc1035.com> wrote:
> On 9 Aug 2013, at 09:14, Ken Peng <pyh2 at att.net> wrote:
>> My nameservers are auth-only. that means we are the auth-servers for that domain.
> => you have to answer those queries. If you think you're getting flooded, consider blacklisting the source IP addresses or using traffic shaping or applying DNS rate-limiting. Or some combination of these. You might try finding out who's sending the extra traffic and ask them to fix things.

And given the dubious nature of the site in question it's not
surprising you are being bombarded with unwanted DNS requests.


More information about the dns-operations mailing list