On Wed, Mar 28, 2012 at 04:08:33PM +0800, ShanyiWan <w...@114.com.cn> wrote a message of 104 lines which said:
> On the DNS server, a large number of "ANY" type queries occur,why? Probably the reflection+amplification attack which goes on, specially in China, for several months. CNCERT knows about it so I suggest you contact them. https://lists.dns-oarc.net/pipermail/dns-operations/2011-December/007852.html http://dyn.com/active-incident-notification-recent-chinanetany-query-floods/ > The same IP address, produced a large number of requests within a > very short period of time. Can I block these IPs? You probaably should not. The source IP address is forged, it is the address of the victim. If you block it, the victim will not be able to talk to your name servers. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
