that's really interesting, also on the firewall rate-limiting new UDP connections to 30 per 2 seconds and client IP also catchs all day long several facebook IP's on both nameservers
Firewall Rate-Control: SRC=69.171.247.119 DST=85.124.176.242 LEN=74 TOS=0x00 PREC=0x00 TTL=80 ID=65378 PROTO=UDP SPT=29558 DPT=53 LEN=54 Firewall Rate-Control: SRC=69.171.247.119 DST=85.124.176.242 LEN=74 TOS=0x00 PREC=0x00 TTL=80 ID=65379 PROTO=UDP SPT=65053 DPT=53 LEN=54 Firewall Rate-Control: SRC=69.171.247.119 DST=85.124.176.242 LEN=74 TOS=0x00 PREC=0x00 TTL=80 ID=65380 PROTO=UDP SPT=27469 DPT=53 LEN=54 Firewall Rate-Control: SRC=69.171.247.119 DST=85.124.176.242 LEN=74 TOS=0x00 PREC=0x00 TTL=80 ID=65381 PROTO=UDP SPT=9288 DPT=53 LEN=54 Firewall Rate-Control: SRC=69.171.247.119 DST=85.124.176.242 LEN=74 TOS=0x00 PREC=0x00 TTL=80 ID=65382 PROTO=UDP SPT=41241 DPT=53 LEN=54 Firewall Rate-Control: SRC=173.252.100.115 DST=85.124.176.242 LEN=74 TOS=0x00 PREC=0x00 TTL=80 ID=50076 PROTO=UDP SPT=44395 DPT=53 LEN=54 Firewall Rate-Control: SRC=173.252.100.115 DST=85.124.176.242 LEN=77 TOS=0x00 PREC=0x00 TTL=80 ID=50077 PROTO=UDP SPT=49631 DPT=53 LEN=57 Firewall Rate-Control: SRC=173.252.100.113 DST=85.124.176.242 LEN=74 TOS=0x00 PREC=0x00 TTL=80 ID=20024 PROTO=UDP SPT=15272 DPT=53 LEN=54 Firewall Rate-Control: SRC=173.252.100.113 DST=85.124.176.242 LEN=74 TOS=0x00 PREC=0x00 TTL=80 ID=20025 PROTO=UDP SPT=10473 DPT=53 LEN=54 Firewall Rate-Control: SRC=173.252.100.115 DST=85.124.176.242 LEN=74 TOS=0x00 PREC=0x00 TTL=80 ID=50078 PROTO=UDP SPT=47769 DPT=53 LEN=54 Am 30.06.2014 14:22, schrieb Reindl Harald: > am i the only one facing all day long serveral facebook > networks hit RRL on both nameservers? for me there are > only two options to explain that: > > * facebook is too dumb to cache responses (TTL a day) > * that's part of a well distributed amplification trying > not make much noise on the single involved servers > > interesting that this is ongoing for many months > > 30-Jun-2014 13:24:31.717 rate-limit: limit NODATA responses to > 69.171.248.0/24 for ns1.thelounge.net IN (1abd134b) > 30-Jun-2014 13:25:32.184 rate-limit: stop limiting NODATA responses to > 69.171.248.0/24 for ns1.thelounge.net IN > (1abd134b) > 30-Jun-2014 13:30:29.153 rate-limit: limit NODATA responses to > 173.252.74.0/24 for tethys.thelounge.net IN (1b619c65) > 30-Jun-2014 13:31:29.149 rate-limit: stop limiting NODATA responses to > 173.252.74.0/24 for tethys.thelounge.net IN > (1b619c65) > 30-Jun-2014 13:37:12.845 rate-limit: limit NODATA responses to > 173.252.113.0/24 for ns1.thelounge.net IN (1abd134b) > 30-Jun-2014 13:38:12.035 rate-limit: stop limiting NODATA responses to > 173.252.113.0/24 for ns1.thelounge.net IN > (1abd134b) > 30-Jun-2014 13:39:21.736 rate-limit: limit NODATA responses to > 173.252.77.0/24 for ns2.thelounge.net IN (1abd134c) > 30-Jun-2014 13:39:21.738 rate-limit: limit NODATA responses to > 173.252.77.0/24 for arrakis.thelounge.net IN (2041b582) > 30-Jun-2014 13:39:21.873 rate-limit: limit NODATA responses to > 173.252.77.0/24 for ns1.thelounge.net IN (1abd134b) > 30-Jun-2014 13:40:22.792 rate-limit: stop limiting NODATA responses to > 173.252.77.0/24 for arrakis.thelounge.net IN > (2041b582) > 30-Jun-2014 13:40:22.792 rate-limit: stop limiting NODATA responses to > 173.252.77.0/24 for ns1.thelounge.net IN > (1abd134b) > 30-Jun-2014 13:40:23.131 rate-limit: stop limiting NODATA responses to > 173.252.77.0/24 for ns2.thelounge.net IN > (1abd134c) > 30-Jun-2014 14:00:35.542 rate-limit: limit NODATA responses to 31.13.99.0/24 > for ns1.thelounge.net IN (1abd134b) > 30-Jun-2014 14:01:36.564 rate-limit: stop limiting NODATA responses to > 31.13.99.0/24 for ns1.thelounge.net IN > (1abd134b) > 30-Jun-2014 14:16:55.318 rate-limit: limit NODATA responses to > 173.252.102.0/24 for ns1.thelounge.net IN (1abd134b) > 30-Jun-2014 14:16:55.328 rate-limit: limit NODATA responses to > 173.252.102.0/24 for ns2.thelounge.net IN (1abd134c)
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
