Re: DNS hits

To: Glenn English <ghe2001@gmail.com>

Cc: debian-user <debian-user@lists.debian.org>

Subject: Re: DNS hits

From: Igor Cicimov <icicimov@gmail.com>

Date: Sun, 12 Feb 2017 11:00:59 +1100

Message-id: <[🔎] CAAKASGy-dsSGacaWRabVuBNT5FrBoGeOCnHk-5k9y3Tc98rJfg@mail.gmail.com>

In-reply-to: <CAAKASGz3mS2Qr-FfgBE0M=bPZa1j9X2rqJLDx7cCitNkeA=goQ@mail.gmail.com>

References: <[🔎] CAKS_MTt+LuhRZrVAg4FpGzKOjp9qiLqbkdMcV6bzaF6yL9mOfg@mail.gmail.com> <CAAKASGyqMVDK4-TU=oyM=sn2kZ165jDVe9GjhmKD7FG0R5sS6A@mail.gmail.com> <CAAKASGz3mS2Qr-FfgBE0M=bPZa1j9X2rqJLDx7cCitNkeA=goQ@mail.gmail.com>

On 12 Feb 2017 4:59 am, "Glenn English" <ghe2001@gmail.com> wrote:

Is anyone else getting thousands of hits on DNS?

I am, largely from Amazon's AWS. I've emailed Amazon's abuse (from whois), Amazon's customer support, and added all the IP nets to my packet filter.

But AWS isn't the whole problem -- just the worst offender. And my little T1 has been, sometimes, DoS'ed by the hits. They are coming from IPs all over the world, from different sources every day, so I can't ask my ISP to block them in their big pipe.

Does anybody have any idea how to stop them?

--
Glenn English

Your best option is to configure the server as authoritative only and allow recursion from your private network only (if you haven't done so already)

Reply to:

References:

DNS hits
- From: Glenn English <ghe2001@gmail.com>