[dns-operations] High qps for type32xxx records
O'Hara, Ben
Ben.O'Hara at neustar.biz
Thu Dec 15 07:42:27 UTC 2016
Sorry had to change subbed address to resend.
Anyone else seeing a huge increase for requests for $random.$tld type32xxx +dnssec (changes) hitting their auth server? Were doing about 5 , times our normal query rate intermittently over the last 3 days (not a problem, but interested what it is)
Doesn't look to be from a spoofed sources as per a normal amplification attack (and were using rrl already)
I know another providers seeing the same.
Any ideas what they are trying to do? It's all nxdomain responses plus the dnssec records.
Cheers
Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20161215/099fac11/attachment.html>
More information about the dns-operations
mailing list