[dns-operations] High qps for type32xxx records

O'Hara, Ben Ben.O'Hara at neustar.biz
Thu Dec 15 07:42:27 UTC 2016

Sorry had to change subbed address to resend.

Anyone else seeing a huge increase for requests for $random.$tld type32xxx +dnssec (changes) hitting their auth server? Were doing about 5 , times our normal query rate intermittently over the last 3 days (not a problem, but interested what it is)

Doesn't look to be from a spoofed sources as per a normal amplification attack (and were using rrl already)

I know another providers seeing the same.

Any ideas what they are trying to do? It's all nxdomain responses plus the dnssec records.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20161215/099fac11/attachment.html>

More information about the dns-operations mailing list