[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DNS DoS ???

Subject: DNS DoS ???
From: straterra at fuhell.com (Thomas York)
Date: Fri, 29 Jul 2011 16:25:42 -0400
In-reply-to: <CACRGtSOSPm12YE3S=n801ooun32VrXsRfP7yqO55kcHMSnss9A@mail.gmail.com>
References: <CACRGtSOSPm12YE3S=n801ooun32VrXsRfP7yqO55kcHMSnss9A@mail.gmail.com>

I see this all the time on my personal servers. I finally just told bind 
to stop logging it.

On 07/29/2011 02:51 PM, Elliot Finley wrote:
> my DNS servers were getting slow so I blocked recursive queries for
> all but my own network.
>
> Then I was getting so many of these:
>
> ns2 named[5056]: client 78.159.111.190#25345: query (cache)
> 'isc.org/ANY/IN' denied
>
> that is was still slowing things down.  I've since written a script to
> watch the log and throw these into the box local firewall.  If I
> expire the entries after 24 hours then I accumulate about 10200 unique
> IPs.  If I expire after 48 hours, then it's just over 20000 unique
> IPs.
>
> Is anyone else seeing this?
>
> Elliot
>


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6022 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20110729/00282a48/attachment.bin>

References:
- DNS DoS ???
  - From: efinley.lists at gmail.com (Elliot Finley)

Prev by Date: Weekly Routing Table Report
Next by Date: DNS DoS ???
Previous by thread: DNS DoS ???
Next by thread: DNS DoS ???
Index(es):
- Date
- Thread