nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: What are these Google IPs hammering on my DNS server?

From: "John R. Levine" <johnl () iecc com>
Date: 3 Dec 2023 18:58:53 -0500
Just set TC=1 for those clients.  If you get queries over TCP then they where not spoofed.  If they are using DNS 
COOKIE (RFC 7873) you can send back BADCOOKIE to the initial (client cookie only) UDP request with your server cookie.  
Identifying real DNS clients has been possible for years now.  It’s not hard.
I could do that but with the other clues I think it's unlikely they're spoofed and far more likely they're real traffic from clueless users. 

Regards,
John Levine, johnl () taugh com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
Previous By Date Next
Previous By Thread Next

Current thread: