<div dir="ltr">Hi Jim.<div>You get the first response prize :)</div><div>Queries have been originating from all kinds of mobile clients.</div><div><br></div><div>It appears that Amazon are blocking queries of type CNAME. I'm guessing because they have identified these are the basis of the attack.</div><div>According to our stats, this is very definitely not over yet.</div><div><br></div><div>cheers, Greg</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, 23 Oct 2019 at 09:43, Jim Reid <<a href="mailto:jim@rfc1035.com" target="_blank">jim@rfc1035.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
<br>
> On 23 Oct 2019, at 09:25, Greg Choules via dns-operations <<a href="mailto:dns-operations@dns-oarc.net" target="_blank">dns-operations@dns-oarc.net</a>> wrote:<br>
> <br>
> Is anyone else experiencing resolution issues for names in this domain? We are seeing a lot of queries of the form:<br>
> CNAME? <a href="http://bvusfvyq.s3.amazonaws.com" rel="noreferrer" target="_blank">bvusfvyq.s3.amazonaws.com</a><br>
> (the label before ".s3" looks random) and a lot of SERVFAIL responses.<br>
> <br>
> Any clues would be appreciated.<br>
<br>
If you believe The Register (I know, I know...) Amazon’s DNS infrastructure is/was the target of a DDoS attack.<br>
<a href="https://www.theregister.co.uk/2019/10/22/aws_dns_ddos/" rel="noreferrer" target="_blank">https://www.theregister.co.uk/2019/10/22/aws_dns_ddos/</a><br>
<br>
</blockquote></div>