
Re: DNS hits



On Sat, Feb 11, 2017 at 10:58:54AM -0700, Glenn English wrote:

Nothing about Debian.

Anyway...

> Is anyone else getting thousands of hits on DNS?

Hits how?
Do you run a DNS server with openly available zones?

> 
> I am, largely from Amazon's AWS. I've emailed Amazon's abuse (from whois),
> Amazon's customer support, and added all the IP nets to my packet filter.
> 
> But AWS isn't the whole problem -- just the worst offender. And my little
> T1 has been, sometimes, DoS'ed by the hits. They are coming from IPs all
> over the world, from different sources every day, so I can't ask my ISP to
> block them in their big pipe.
> 
> Does anybody have any idea how to stop them?
> 

Not enough information.
Install dnstop and check what these requests are.
And then there are so many questions.

Does your DNS answer recursive queries?
How big are your zones? Do you have zones?
Do you allow zone transfers?

Do you have multiple DNS servers running? Is your secondary seeing the same
spike of traffic?


-H


-- 
Henning Follmann           | hfollmann@itcfollmann.com

