On 23/07/12 13:07, Marek Salwerowicz wrote:
> Hi all,
> I am a new subscriber to your list.
> I browsed the archive but didn't find an answer/hint for my problem.
> I am running (on FreeBSD 9.1-PRERELEASE) a public caching DNS server.
> For about 2 months I've been receiving a lot of (DNS flood attack?)
> queries like:
> 23-Jul-2012 14:03:28.813 queries: info: client 96.44.152.125#53: view external: query: ripe.net IN ANY +ED (my.dns.server.ip)
> What I have done now is just to parse logs and block IPs that ask for
> ripe.net via ipfw.
> But are there any other solutions for these permanent attacks?

This is getting to be an FAQ.
It's a source-spoofed amplification attack. See the list archives for
discussion, including links to a patch for bind with per-client
rate-limiting.
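
Added example, not part of the original thread and not ISC's code: a small parser for query-log lines in the format quoted above that counts ANY queries per client and name in fixed time buckets. Because the sources are spoofed, the clients it reports are the likely targets of the reflected traffic rather than the senders; the window, threshold and all sample lines except the first are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Field layout taken from the query-log line quoted in the message above.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) queries: info: "
    r"client (?P<ip>[0-9A-Fa-f.:]+)#\d+: (?:view (?P<view>\S+): )?"
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+)"
)
EPOCH = datetime(1970, 1, 1)

def parse_line(line):
    """Return the fields of one query-log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d-%b-%Y %H:%M:%S.%f")
    return rec

def any_bursts(lines, window=timedelta(seconds=10), threshold=3):
    """Count ANY queries per (client, qname) in fixed time buckets.

    Returns sorted (client, qname, bucket_start, count) tuples with count >= threshold.
    The window and threshold defaults are illustrative assumptions, not tuned values.
    """
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["qtype"] != "ANY":
            continue
        bucket = (rec["ts"] - EPOCH) // window  # integer index of the time bucket
        counts[(rec["ip"], rec["qname"].lower(), bucket)] += 1
    return sorted(
        (ip, qname, EPOCH + bucket * window, n)
        for (ip, qname, bucket), n in counts.items() if n >= threshold
    )

# Constructed sample: the first line is the one from the message; the rest are
# made up for this example, using documentation address ranges.
SAMPLE = """\
23-Jul-2012 14:03:28.813 queries: info: client 96.44.152.125#53: view external: query: ripe.net IN ANY +ED (my.dns.server.ip)
23-Jul-2012 14:03:29.100 queries: info: client 192.0.2.10#53: view external: query: ripe.net IN ANY +ED (my.dns.server.ip)
23-Jul-2012 14:03:29.400 queries: info: client 192.0.2.10#53: view external: query: ripe.net IN ANY +ED (my.dns.server.ip)
23-Jul-2012 14:03:29.900 queries: info: client 192.0.2.10#53: view external: query: RIPE.NET IN ANY +ED (my.dns.server.ip)
23-Jul-2012 14:03:31.000 queries: info: client 198.51.100.7#40212: view external: query: example.org IN A + (my.dns.server.ip)
""".splitlines()

if __name__ == "__main__":
    for ip, qname, start, n in any_bursts(SAMPLE):
        print(f"{start:%H:%M:%S} {ip}: {n} ANY queries for {qname}")
```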