[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DNS DoS ???

We've been seeing this for several years on and off.


-----Original Message-----
From: Elliot Finley [mailto:efinley.lists at gmail.com] 
Sent: Friday, July 29, 2011 2:51 PM
To: nanog at nanog.org
Subject: DNS DoS ???

my DNS servers were getting slow so I blocked recursive queries for
all but my own network.

Then I was getting so many of these:

ns2 named[5056]: client query (cache)
'isc.org/ANY/IN' denied

that is was still slowing things down.  I've since written a script to
watch the log and throw these into the box local firewall.  If I
expire the entries after 24 hours then I accumulate about 10200 unique
IPs.  If I expire after 48 hours, then it's just over 20000 unique

Is anyone else seeing this?