lot of 'ripe.net IN ANY +ED' queries
Phil Mayers
p.mayers at imperial.ac.uk
Mon Jul 23 12:12:34 UTC 2012
On 23/07/12 13:07, Marek Salwerowicz wrote:
> Hi all,
>
> I am a new subscriber to your list.
> I browsed the archive but didn't find an answer/hint for my problem.
>
> I am running (on FreeBSD 9.1-PRERELEASE) a public caching DNS server.
> For about 2 months I've been receiving a lot of (DNS flood attack?)
> queries like:
>
> 23-Jul-2012 14:03:28.813 queries: info: client 96.44.152.125#53: view
> external: query: ripe.net IN ANY +ED (my.dns.server.ip)
>
> What I do now is just parse logs and block IPs that ask for
> ripe.net via ipfw.
>
> But are there any other solutions for these permanent attacks?
This is getting to be an FAQ.

It's a source-spoofed amplification attack. See the list archives for
discussion, including links to a patch for bind with per-client
rate-limiting.
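
The log parsing described in the question, as an added example that is not part of either message: it counts ANY queries per client address and query name in a sliding window, using the query-log format quoted above. The sample lines, addresses, threshold and window are constructed; because the reply identifies the sources as spoofed, the addresses it reports are likely the reflection targets, so the counts are for measuring the flood and sizing a rate limit.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the query-log format quoted in the post, with the wrapped line rejoined.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) queries: info: "
    r"client (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+): (?:view (?P<view>\S+): )?"
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+)"
)

def parse_line(line):
    """Return the fields of one query-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d-%b-%Y %H:%M:%S.%f")
    return rec

def any_query_bursts(lines, threshold=3, window=timedelta(seconds=10)):
    """Map (client, qname) to the peak number of ANY queries seen inside one
    sliding window, for pairs that reach the threshold.
    Assumes the lines are in chronological order, as in a live log."""
    recent = defaultdict(list)
    peaks = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["qtype"] != "ANY":
            continue
        key = (rec["ip"], rec["qname"].lower().rstrip("."))
        times = recent[key]
        times.append(rec["ts"])
        while times[0] < rec["ts"] - window:  # drop entries older than the window
            times.pop(0)
        if len(times) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(times))
    return peaks

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    "23-Jul-2012 14:03:28.813 queries: info: client 192.0.2.10#53: view external: query: ripe.net IN ANY +ED (203.0.113.1)",
    "23-Jul-2012 14:03:29.102 queries: info: client 192.0.2.10#53: view external: query: ripe.net IN ANY +ED (203.0.113.1)",
    "23-Jul-2012 14:03:29.640 queries: info: client 192.0.2.10#53: view external: query: RIPE.NET IN ANY +ED (203.0.113.1)",
    "23-Jul-2012 14:03:30.001 queries: info: client 198.51.100.7#41822: view external: query: www.example.org IN A + (203.0.113.1)",
    "23-Jul-2012 14:05:00.000 queries: info: client 198.51.100.7#41822: view external: query: example.org IN ANY + (203.0.113.1)",
]

if __name__ == "__main__":
    for (client, qname), count in any_query_bursts(SAMPLE).items():
        print(f"{client} sent {count} ANY queries for {qname} within the window")
```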