Stopping name server abuse

Barry Margolin barmar at alum.mit.edu
Tue Jun 26 14:42:04 UTC 2018


In article <mailman.87.1529956879.803.bind-users at lists.isc.org>,
 Paul Kosinski <bind at iment.com> wrote:

> Somebody who has irresponsibly (and apparently wantonly, given his
> refusal to fix it) delegated his domain(s) to your DNS server is
> essentially causing a (modest bandwidth) distributed denial of service
> attack on your server. I don't think that the "responsible" thing to do
> is to sit there and suffer from a significantly increased load.

Good luck getting him prosecuted under any kind of computer abuse law. 
That would be like calling the cops on a sibling who is poking you, 
claiming that it's assault.

> What should be done is to get the domain(s) revoked if the owner
> continues to refuse to remedy the problem: it is *he*, not you, who is
> being irresponsible. And if the queries are coming via an innocent
> ISP's resolver, then they are inadvertently assisting in the attack,
> and should be contacted and asked to help in the remediation. (Note
> that *their* resources, as well as yours, are being wasted.)

I doubt any ISPs will do anything about it. It's probably negligible 
relative to their total DNS volume, and would be more trouble than it's 
worth to add filters to block it.

The domain registrar is the place to go; I expect most of them have
standard procedures for exactly this problem.

-- 
Barry Margolin
Arlington, MA

