Hello, an update with the findings so far:
- IPv6 config on the servers was an issue, so we removed it and will test further later. There is a hint pointed out by various people about a Linux kernel issue and setting (net.ipv6.route.max_size), see https://lists.dns-oarc.net/pipermail/dns-operations/2014-February/011366.html
- Our main issue was that we were being attacked. Open resolvers in our network were utilized to produce large amounts of queries with random subdomains of specific domains. Analyzing a small capture, we noticed the following domains, but the list should not be considered complete, I guess:

  www.jxoyjt.com.cn liebiao.81ypf.com yuerengu.com.cn www.lgsf.net
  www.xxcfsb.com lie.zz85.com www.9009pk.com www.bcbang.com

One mitigation approach is to blackhole the domains using local zones.

--
Kostas Zorbadelos
twitter:@kzorbadelos
http://gr.linkedin.com/in/kzorba
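An added example, not part of the original post: one way to pick blackhole candidates out of captured query names and generate the local-zone stanzas the post mentions. The threshold, the zone file path `/etc/bind/db.blackhole` and the random labels in the sample are assumptions constructed for illustration; the parent domains are two of those listed in the post.

```python
from collections import defaultdict

# Minimal empty zone (assumed file content): only SOA and NS, so every name
# under the zone is answered NXDOMAIN locally instead of being recursed.
EMPTY_ZONE = """$TTL 3600
@ IN SOA localhost. root.localhost. ( 1 3600 900 604800 3600 )
@ IN NS  localhost.
"""

def suspect_zones(qnames, min_unique=3):
    """Return parent names queried with >= min_unique distinct leftmost labels.

    Random-subdomain floods show up as many unique labels under one parent.
    Busy legitimate parents (CDNs, suffixes such as com.cn) can also match,
    so review the output before loading it into the resolver.
    """
    labels = defaultdict(set)
    for q in qnames:
        name = q.lower().rstrip(".")
        first, _, parent = name.partition(".")
        if parent.count(".") >= 1:  # ignore TLD-level parents such as "com"
            labels[parent].add(first)
    return sorted(p for p, seen in labels.items() if len(seen) >= min_unique)

def named_conf(zones, zone_file="/etc/bind/db.blackhole"):
    """Render one named.conf master-zone stanza per zone, all sharing zone_file."""
    return "\n".join(
        f'zone "{z}" {{ type master; file "{zone_file}"; }};' for z in zones
    )

# Constructed sample: random labels under two domains from the post, plus
# ordinary traffic (repeats of one name count as a single label).
SAMPLE = [
    "qzkx1a.www.lgsf.net.", "m3vbt9.www.lgsf.net.", "ZP0WQE.www.lgsf.net.",
    "ab12cd.yuerengu.com.cn", "xk9f0e.yuerengu.com.cn", "ttr5lm.yuerengu.com.cn",
    "www.example.org", "www.example.org", "www.example.org", "mail.example.org",
]

if __name__ == "__main__":
    print(named_conf(suspect_zones(SAMPLE)))
    print(EMPTY_ZONE)
```

Because the zones are authoritative on the resolver, it answers for them itself and the flood no longer generates upstream queries; closing the open resolvers is still needed to stop the abuse at its source.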