nanog mailing list archives
RE: DNS DoS ???
From: Drew Weaver <drew.weaver () thenap com>
Date: Fri, 29 Jul 2011 17:00:31 -0400
We've been seeing this for several years on and off.

thanks,
-Drew

-----Original Message-----
From: Elliot Finley [mailto:efinley.lists () gmail com]
Sent: Friday, July 29, 2011 2:51 PM
To: nanog () nanog org
Subject: DNS DoS ???

My DNS servers were getting slow so I blocked recursive queries for all but my own network. Then I was getting so many of these:

ns2 named[5056]: client 78.159.111.190#25345: query (cache) 'isc.org/ANY/IN' denied

that it was still slowing things down. I've since written a script to watch the log and throw these into the box's local firewall. If I expire the entries after 24 hours then I accumulate about 10200 unique IPs. If I expire after 48 hours, then it's just over 20000 unique IPs.

Is anyone else seeing this?

Elliot
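A sketch of the kind of log watcher the quoted message describes, added here as an example; it is not part of the thread and not the poster's script. The syslog timestamp prefix, the hit threshold of 3, the `DeniedTracker` class and the sample lines are assumptions; only the `named` message format and the 24-hour expiry come from the message.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Message format as quoted in the post; the leading syslog timestamp is an assumption.
DENIED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+named\[\d+\]:\s+"
    r"client\s+(?P<ip>[0-9a-fA-F.:]+)#\d+:\s+"
    r"query \(cache\) '[^']+' denied"
)

class DeniedTracker:
    """Unique clients with denied cache queries, expired `ttl` after last sighting."""

    def __init__(self, ttl=timedelta(hours=24), threshold=3, year=2011):
        self.ttl, self.threshold, self.year = ttl, threshold, year
        self.seen = {}  # ip -> (hit count, time last seen)

    def feed(self, line):
        m = DENIED.match(line)
        if not m:
            return None
        try:  # validate before the value can reach a firewall rule
            ip = str(ipaddress.ip_address(m["ip"]))
        except ValueError:
            return None
        # syslog omits the year, so the caller supplies it
        now = datetime.strptime(f"{self.year} {m['ts']}", "%Y %b %d %H:%M:%S")
        self.expire(now)
        self.seen[ip] = (self.seen.get(ip, (0, now))[0] + 1, now)
        return ip

    def expire(self, now):
        for ip in [i for i, (_, last) in self.seen.items() if last + self.ttl <= now]:
            del self.seen[ip]

    def blocked(self):
        """Clients at or above the threshold: candidates for the local firewall."""
        return sorted(ip for ip, (n, _) in self.seen.items() if n >= self.threshold)

# Constructed sample lines; only the first client address appears in the post.
TAIL = ": query (cache) 'isc.org/ANY/IN' denied"
SAMPLE = [
    "Jul 29 12:00:01 ns2 named[5056]: client 78.159.111.190#25345" + TAIL,
    "Jul 29 12:00:02 ns2 named[5056]: client 78.159.111.190#25346" + TAIL,
    "Jul 29 12:00:03 ns2 named[5056]: client 192.0.2.7#4000" + TAIL,
    "Jul 29 12:00:04 ns2 named[5056]: client 78.159.111.190#25347" + TAIL,
    "Jul 30 12:00:05 ns2 named[5056]: client 198.51.100.9#5300" + TAIL,
]
```

Feeding `SAMPLE` line by line puts the first client on the block list at its third hit and drops it again once the last line arrives more than 24 hours after its final sighting.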