What are these entries in the log file - " query: . IN NS +"?
Mark Andrews
Mark_Andrews at isc.org
Tue Jan 27 02:27:04 UTC 2009
In message <barmar-3C4A47.20101026012009 at mara100-84.onlink.net>, Barry Margolin
writes:
> In article <gllha9$2ote$1 at sf1.isc.org>,
> "Tony Toews [MVP]" <ttoews at telusplanet.net> wrote:
>
> > Gregory Hicks <ghicks at hicks-net.net> wrote:
> >
> >
> > >> 2) What are they?
> > >
> > >They look like the DDoS being discussed on the NANOG list.
> > >
> > >Have you implemented BCP38? If not, why not...
> >
> > I have no idea what BCP38 is and how I can implement that. Would you be so
>
> > kind as
> > to supply links relevant to Windows 2003 Server?
>
> BCP38 is not something you implement, it's something that has to be
> implemented by the ISPs hosting the attacking systems. They have to
> block forged source IPs from their customers.
BCP 38 is something everyone should implement. A site
shouldn't allow packets to leave with bogus source addresses.
That being said there is no real expectation that home users
will be implementing BCP 38 so it falls back to the ISP's
implement to catch the bad packets when they reach their
network.
> Since there are many ISPs out there that are too lazy, incompetent, or
> just don't care, where probably never going to be rid of these kinds of
> attacks.
Agreed. You can however do your part by choosing ISP/IAP's that
deploy BCP 38 over ones that don't. Add it to the selection
criteria for a ISP/IAP. Ones that do are probably more clueful
overall and you will have less problems in the end.
Mark
> --
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> *** PLEASE don't copy me on replies, I'll read them in the group ***
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list