nanog mailing list archives
DNS DoS ???
From: Elliot Finley <efinley.lists () gmail com>
Date: Fri, 29 Jul 2011 12:51:05 -0600
My DNS servers were getting slow so I blocked recursive queries for all but my own network. Then I was getting so many of these:

ns2 named[5056]: client 78.159.111.190#25345: query (cache) 'isc.org/ANY/IN' denied

that it was still slowing things down. I've since written a script to watch the log and throw these into the box's local firewall.

If I expire the entries after 24 hours then I accumulate about 10200 unique IPs. If I expire after 48 hours, then it's just over 20000 unique IPs.

Is anyone else seeing this?

Elliot
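
A sketch of the kind of log watcher the post describes, added here as an example; it is not the poster's script. The `DenyTracker` name, the three-denial threshold and the sample lines are assumptions, and the firewall calls are left out: the code only returns the addresses to add or remove.

```python
import re

# Matches the denial line quoted in the post (IPv4 clients only).
DENIED = re.compile(r"named\[\d+\]: client (?P<ip>\d{1,3}(?:\.\d{1,3}){3})#\d+: "
                    r"query \(cache\) '[^']+' denied")

class DenyTracker:
    def __init__(self, ttl=24 * 3600, threshold=3):
        self.ttl = ttl              # seconds a block stays in place
        self.threshold = threshold  # denials before blocking (assumed value)
        self.counts = {}            # ip -> denials seen so far
        self.blocked = {}           # ip -> time the block was added

    def feed(self, ts, line):
        """Return the client IP if this line causes a new block, else None."""
        m = DENIED.search(line)
        if not m or m.group("ip") in self.blocked:
            return None
        ip = m.group("ip")
        self.counts[ip] = self.counts.get(ip, 0) + 1
        if self.counts[ip] < self.threshold:
            return None
        del self.counts[ip]
        self.blocked[ip] = ts
        return ip

    def expire(self, now):
        """Return IPs whose block has aged out, removing them from the table."""
        old = sorted(ip for ip, t in self.blocked.items() if now - t >= self.ttl)
        for ip in old:
            del self.blocked[ip]
        return old

def _denied(ip, port):
    return (f"Jul 29 12:50:01 ns2 named[5056]: client {ip}#{port}: "
            "query (cache) 'isc.org/ANY/IN' denied")

SAMPLE = [  # constructed sample: (seconds since start, log line)
    (0, _denied("78.159.111.190", 25345)),
    (1, _denied("78.159.111.190", 25346)),
    (2, _denied("192.0.2.10", 4000)),
    (3, _denied("78.159.111.190", 25347)),
    (4, "Jul 29 12:50:05 ns2 named[5056]: zone example.com/IN: loaded serial 1"),
]

def run_sample():
    tracker = DenyTracker()
    added = [ip for ts, line in SAMPLE if (ip := tracker.feed(ts, line))]
    return added, tracker.expire(3 + 24 * 3600)
```

`run_sample()` returns the addresses blocked while reading the sample and the ones released once 24 hours have passed since the block was added.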