[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DNS DoS ???

Subject: DNS DoS ???
From: efinley.lists at gmail.com (Elliot Finley)
Date: Fri, 29 Jul 2011 12:51:05 -0600

my DNS servers were getting slow so I blocked recursive queries for
all but my own network.

Then I was getting so many of these:

ns2 named[5056]: client 78.159.111.190#25345: query (cache)
'isc.org/ANY/IN' denied

that is was still slowing things down.  I've since written a script to
watch the log and throw these into the box local firewall.  If I
expire the entries after 24 hours then I accumulate about 10200 unique
IPs.  If I expire after 48 hours, then it's just over 20000 unique
IPs.

Is anyone else seeing this?

Elliot

Follow-Ups:
- DNS DoS ???
  - From: sfouant at shortestpathfirst.net (Stefan Fouant)
- DNS DoS ???
  - From: straterra at fuhell.com (Thomas York)
- DNS DoS ???
  - From: drew.weaver at thenap.com (Drew Weaver)
- DNS DoS ???
  - From: rdobbins at arbor.net (Dobbins, Roland)

Prev by Date: [outages] Several IPv6 sites down?
Next by Date: DNS DoS ???
Previous by thread: [outages] Several IPv6 sites down?
Next by thread: DNS DoS ???
Index(es):
- Date
- Thread