How can someone know Sub-Domains?

[Phil Mayers]

If you are being DOSed at a rate higher than you can handle then you need to liase with your provider to get them to drop the traffic before it reaches you. Google "srtbh".

There are 4 ways attackers might have extracted a list of target hosts.

1. Axfr I.e. Zone transfer - have you locked this down?
2. Dnssec - walking the nsec chain of a signed zone, or (unlikely) attacking the nsec3 hash
3. Reverse lookup of your known ipv4 subnets - this is fast even for big ranges
4. Non-dns means - compromise of a trusted host or person.

What form does the dos take? How are you so sure DNS is even involved?

Do you have bind- or dns-specific questions?
-- 
Sent from my phone. Please excuse brevity and typos.