If you are being DOSed at a rate higher than you can handle then you need to liase with your provider to get them to drop the traffic before it reaches you. Google "srtbh".
There are 4 ways attackers might have extracted a list of target hosts. 1. Axfr I.e. Zone transfer - have you locked this down? 2. Dnssec - walking the nsec chain of a signed zone, or (unlikely) attacking the nsec3 hash 3. Reverse lookup of your known ipv4 subnets - this is fast even for big ranges 4. Non-dns means - compromise of a trusted host or person. What form does the dos take? How are you so sure DNS is even involved? Do you have bind- or dns-specific questions? -- Sent from my phone. Please excuse brevity and typos. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
