nanog mailing list archives
Re: DNS Lookup - Filter "localhost"
From: Stephen Satchell <list () satchell net>
Date: Mon, 17 Nov 2014 14:06:17 -0800
On 11/17/2014 01:11 PM, Radke, Justin wrote:
This past weekend we started receiving bursts of lookups on our DNS server for "localhost." We blocked our subscriber abusing this lookup (most assuredly malware and not intentional) but curious what safeguards you put in place for DOS attacks on your DNS servers. 1. As an ISP do you see a problem with blocking localhost on your DNS servers? (we don't see any validity to these requests but checking with you to see if we've overlooked something).
Not really
2. Do you have an actual localhost zone that issues 127.0.0.1?
Yes
3. Do you block >512 Bytes DNS requests?
No.
4. Do you block non-UDP DNS requests or rate-limit requests?
Yes
5. Anything else you block/filter on your DNS servers?
block/limit "any" queries block/limit "root NS" queries block anycast/broadcast source address packets block fragmented packets
Current thread:
- DNS Lookup - Filter "localhost" Radke, Justin (Nov 17)
- Re: DNS Lookup - Filter "localhost" Stephen Satchell (Nov 17)
- Re: DNS Lookup - Filter "localhost" Anders Löwinger (Nov 17)
- Re: DNS Lookup - Filter "localhost" David Conrad (Nov 17)
- Re: DNS Lookup - Filter "localhost" Tony Finch (Nov 18)
- Re: DNS Lookup - Filter "localhost" Stephen Satchell (Nov 17)