nanog mailing list archives
Re: DNS DoS ???
From: Thomas York <straterra () fuhell com>
Date: Fri, 29 Jul 2011 16:25:42 -0400
I see this all the time on my personal servers. I finally just told bind to stop logging it.
On 07/29/2011 02:51 PM, Elliot Finley wrote:
my DNS servers were getting slow so I blocked recursive queries for all but my own network. Then I was getting so many of these: ns2 named[5056]: client 78.159.111.190#25345: query (cache) 'isc.org/ANY/IN' denied that is was still slowing things down. I've since written a script to watch the log and throw these into the box local firewall. If I expire the entries after 24 hours then I accumulate about 10200 unique IPs. If I expire after 48 hours, then it's just over 20000 unique IPs. Is anyone else seeing this? Elliot
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- DNS DoS ??? Elliot Finley (Jul 29)
- Re: DNS DoS ??? Stefan Fouant (Jul 29)
- Re: DNS DoS ??? Thomas York (Jul 29)
- RE: DNS DoS ??? Drew Weaver (Jul 29)
- RE: DNS DoS ??? Blake T. Pfankuch (Jul 29)
- Re: DNS DoS ??? Dobbins, Roland (Jul 29)
- RE: DNS DoS ??? Drew Weaver (Jul 30)
- RE: DNS DoS ??? Jon Lewis (Jul 30)
- RE: DNS DoS ??? Alex Nderitu (Jul 30)
- Re: DNS DoS ??? John Adams (Jul 30)
- Re: DNS DoS ??? Mike Sabbota (Jul 30)
- RE: DNS DoS ??? Drew Weaver (Jul 30)
- Re: DNS DoS ??? Jimmy Hess (Jul 30)
- Re: DNS DoS ??? Dobbins, Roland (Jul 30)