nanog mailing list archives

Re: DNS DOS increasing?


From: "Steven M. Bellovin" <smb () research att com>
Date: Fri, 01 Feb 2002 20:43:22 -0500


In message <24810615.1012581411@[172.25.106.112]>, Mike Batchelor writes:

Stop allowing the world to recurse through your authoritative servers. 
This invites abuse.

Provide a separate set of servers for your customers to recurse through, 
which serve no authoritative data and which have access restricted to your 
own network and your customers'.

--On Saturday, January 19, 2002 1:59 PM -0500 Matt Martini 
<martini () invision net> wrote:


-----BEGIN PGP SIGNED MESSAGE-----

I've been seeing some strange problems in DNS lately (named 8.2.4-REL)
where the nameserver stops resolving certain sites. During investigation
I noticed that my query rate is way up. Many more DNS requests than
normal are hitting my servers. Is anyone else seeing anything like this?

You might be the intermediary in a DNS reflector attack (see
http://www.icir.org/vern/papers/reflectors.CCR.01/index.html for details).

                --Steve Bellovin, http://www.research.att.com/~smb
                Full text of "Firewalls" book now at http://www.wilyhacker.com
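
Added example, not part of the original thread: a way to check, from a host outside your network, whether an authoritative server you operate still recurses for the world, by sending it a query with RD set for a name it does not serve and reading the RA bit and RCODE of the reply. The query ID, the name example.com, the verdict strings and the sample replies are constructed for illustration.

```python
import socket
import struct

QID = 0x1234  # constructed query ID shared by the query and the samples

def build_query(name, qtype=1):
    """DNS query for `name` (type A by default) with the RD bit set."""
    header = struct.pack("!HHHHHH", QID, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def classify(resp):
    """Judge a reply to a recursive query for a name the server does not serve."""
    if len(resp) < 12:
        return "malformed"
    rid, flags, _qd, _an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != QID or not flags & 0x8000:   # wrong ID, or QR bit clear
        return "malformed"
    ra, rcode = bool(flags & 0x0080), flags & 0x000F
    if rcode == 5:                         # REFUSED: an access list said no
        return "refused"
    if ra and rcode in (0, 3):             # NOERROR/NXDOMAIN with RA set
        return "open"
    if not ra:                             # referral or empty reply, RA clear
        return "no-recursion"
    return "inconclusive"                  # e.g. SERVFAIL with RA set

def probe(server, name, timeout=3.0):
    """Send the query over UDP to a server you operate and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify(s.recvfrom(4096)[0])

def sample(flags):
    """Constructed reply: header with `flags` plus the echoed question."""
    return struct.pack("!HHHHHH", QID, flags, 1, 0, 0, 0) + build_query("example.com")[12:]

# Constructed header flag values, not captured traffic.
SAMPLES = {
    "open resolver": sample(0x8180),   # QR RD RA, NOERROR
    "recursion off": sample(0x8100),   # QR RD, RA clear
    "acl refuses":   sample(0x8105),   # QR RD, REFUSED
}

def demo():
    return {label: classify(resp) for label, resp in SAMPLES.items()}
```

A verdict of "open" from an outside vantage point means the server is still recursing for the world; "refused" or "no-recursion" is what the split setup described above should produce.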


