[dns-operations] High qps for type32xxx records
Ben.O'Hara at neustar.biz
Thu Dec 15 07:42:27 UTC 2016
Sorry had to change subbed address to resend.
Anyone else seeing a huge increase for requests for $random.$tld type32xxx +dnssec (changes) hitting their auth server? Were doing about 5 , times our normal query rate intermittently over the last 3 days (not a problem, but interested what it is)
Doesn't look to be from a spoofed sources as per a normal amplification attack (and were using rrl already)
I know another providers seeing the same.
Any ideas what they are trying to do? It's all nxdomain responses plus the dnssec records.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dns-operations