lame request
Question asked by Fejzula - March 16, 2014 at 9:24 PM
at last month i have about 30-50 lame request  per second... at all time.. and i try blocking these IP manually.. but i see that i can do it, because they change all the time and i search something automatically by plugins but i cant,
how i can resolve that.?
any idea?

3 Replies

Reply to Thread
JH Software Replied
March 18, 2014 at 5:25 AM
Employee Post
Of course, first you need to make sure that these requests are not for domain names that are supposed to be on your server but are not. In that case, you need to setup zones for them.
Next, check the WHOIS information on the domain names requested, and check if they are pointing to your DNS servers (by host name or IP address). If they are, contact the owner's or the registrar to have this changed.
If neither of the above is the case, then this is might be a "DNS amplification attack" where your DNS server is being abused as a relay to DDoS the IP address that the request appears to originate from.
Learn more about this in the section on DNS reflection / amplification attacks at http://www.simpledns.com/help/v52/ht_secure.htm
holger walther fogh Replied
March 21, 2014 at 6:21 AM
I have the same problem with a lot of lame requests. I run an open resolver but access is limited by windows-firewall. But now and then the snoopers hit an ip-addr that is allowed. Is it possible to restrict access to the dns-server based upon incoming MAC-addr in either windows-firewall or simpledns?
JH Software Replied
March 25, 2014 at 1:29 PM
Employee Post
Unfortunately blocking by MAC address won't help.
When your computer receives an IP packet, the sender MAC address in that packet is the address of the last router that the packet passed through. The IP packet does not contain the MAC address of the original sender.
So you'd be blocking your closest router (probably your own or one belonging to your ISP) - and thereby your own Internet access...

Reply to Thread