Actually we detected these ripe.net ANY requests by observing an
increase in TCP DNS requests due to large DNSSEC responses. IP address
does not seem spoofed. It seems these (very few) client wait 10 sec
before closing their TCP connection, which increases the platform load.
We think it is a malware, but feel free to provide more information on
that topic.
BR
Daniel
On 07/24/2012 05:22 PM, Stephane Bortzmeyer wrote:
On Mon, Jul 23, 2012 at 04:49:24PM +0200,
Stephane Bortzmeyer <bortzme...@nic.fr> wrote
a message of 15 lines which said:
Buggy. It parses the DNS packet from the end and therefore fails
with EDNS packets (which have the OPT resource record at the end).
After checking, I stand corrected. This is not the original xt_dns
(which is buggy) but a fork which fixes the parsing. Sorry for the
false alarm.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
