[dns-operations] Sierra Leone (.sl) TLD
Marco Davids (SIDN)
marco.davids at sidn.nl
Mon Feb 24 10:12:15 UTC 2025
On Mon, 24 Feb 2025 10:07:20 +0100 Petr Špaček wrote:
> I agree sl TLD has _very_ unusual configuration, but their servers don't
> send ANY responses over UDP, so it should not be a problem by itself. I
> would think the problem is someone else's servers which are willing to
> send oversized UDP answers
Such servers do exist in the wild (but you would need a whole lot of
them to generate the amount of traffic this amplification attack
generated the last time I encountered it):
[IP address hidden - will provide it off-list if desired]
dig +ignore +notcp +multi +crypto +dnssec ANY sl @[hidden]
; <<>> DiG 9.20.0 <<>> +ignore +notcp +multi +crypto +dnssec ANY sl
@[hidden]
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39636
;; flags: qr tc rd ra; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;sl. IN ANY
;; ANSWER SECTION:
sl. 854 IN RRSIG NS 7 1 1800 (
20250209213757 20250110212200 55940 sl.
rMvFxnZz23sTZbBI0dgkc2aghlM5QI81mcW7bW0fNFQ7
B7t6dyhANW+KpnGl8pj+5zSTMlOxbohnPMY4sr+mL+zA
.
.
.
<snap>
.
.
.
;; Query time: 64 msec
;; SERVER: [hidden]#53([hidden]) (UDP)
;; WHEN: Wed Jan 22 13:35:48 CET 2025
;; MSG SIZE rcvd: 4081
--
Marco
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xBB2857E82C0F54F3.asc
Type: application/pgp-keys
Size: 81793 bytes
Desc: OpenPGP public key
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20250224/d6c3ba8b/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20250224/d6c3ba8b/attachment-0001.sig>
More information about the dns-operations
mailing list