requests
Question asked by Erik - April 3, 2014 at 7:47 AM
Answered
I have a DNS server with just a few records on it. Lately I am seeing way too many requests... in 2 days, over 1.3 million requests. The IPs seem to switch, and the domains a little too... like they add numbers to them. Thoughts?

6 Replies

Erik Replied
April 4, 2014 at 7:42 AM
ANYBODY??
JH Software Replied
April 7, 2014 at 12:01 AM
Employee Post
Sounds like you may be experiencing a DNS amplification attack.
Erik Replied
April 7, 2014 at 11:08 AM
I have done the suggestions...
Still, every morning it is getting hammered from a new domain.
I put the obvious fake domain into the block plugin and it works for a day.
JH Software Replied
April 7, 2014 at 11:23 PM
Employee Post
Unfortunately there isn't much more that can be done about this at the DNS level.
Your best defense is to make sure that your DNS server is not "interesting" in that it responds and amplifies requests - see the links provided.
You may need to block the IP range on your firewall for a while until this stops - but remember to unblock again, because the IP addresses belong to the victim - not the attacker.
Erik Replied
April 14, 2014 at 8:57 AM
Will stopping recursion make it so others cannot read the records on my server?
JH Software Replied
April 15, 2014 at 3:03 AM
Employee Post
No.
 
DNS records on your server will still be provided to anyone - no matter what the recursion settings are.
 
The recursion settings only affect who can request records not hosted on your server.
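An added example, not part of the original thread or of any JH Software product: a small query-log triage script that ignores queries for hosted zones (which are answered whatever the recursion settings are) and groups the remaining names by pattern, so numbered variants of one abused domain show up as a single line. The log layout, zone name, and sample lines are constructed assumptions; the client IPs in such traffic are typically spoofed victim addresses, as noted in the thread.

```python
import re
from collections import defaultdict

# Constructed sample log; the "time client qtype qname" layout is an assumption.
SAMPLE_LOG = """\
2014-04-07T06:00:01 192.0.2.10 ANY abuse1.example.net
2014-04-07T06:00:01 192.0.2.10 ANY abuse2.example.net
2014-04-07T06:00:02 198.51.100.7 ANY abuse37.example.net
2014-04-07T06:00:02 198.51.100.7 ANY abuse1.example.net
2014-04-07T06:00:03 203.0.113.5 A www.example.org
2014-04-07T06:00:04 203.0.113.9 MX example.org
2014-04-07T06:00:05 203.0.113.9 A other.example.com
"""
HOSTED_ZONES = {"example.org"}  # assumption: zones hosted on this server

def in_hosted_zone(name, zones):
    """True if name is a hosted zone or a name below one (label-aligned match)."""
    name = name.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in zones)

def normalize(name):
    """Collapse digit runs so numbered variants of one name share a pattern."""
    return re.sub(r"\d+", "#", name.rstrip(".").lower())

def summarize(log_text, zones=HOSTED_ZONES):
    """Count queries, distinct clients and distinct names per non-hosted pattern."""
    stats = defaultdict(lambda: {"queries": 0, "clients": set(), "names": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, client, _qtype, qname = parts
        if in_hosted_zone(qname, zones):
            continue  # hosted records: served regardless of recursion settings
        s = stats[normalize(qname)]
        s["queries"] += 1
        s["clients"].add(client)
        s["names"].add(qname.lower())
    return stats

def flag_patterns(stats, min_queries=3):
    """Return (pattern, queries, distinct clients, distinct names) over threshold."""
    return sorted((p, s["queries"], len(s["clients"]), len(s["names"]))
                  for p, s in stats.items() if s["queries"] >= min_queries)

if __name__ == "__main__":
    for row in flag_patterns(summarize(SAMPLE_LOG)):
        print(row)
```

A flagged pattern is a candidate for the block plugin or a temporary firewall rule; the threshold of 3 is only sized for the constructed sample.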
