Hi Bind users, Just wondering if anyone else has seen the DNS nonsense name attacks on their recursives? Any way to mitigate such attacks?
Currently running version 9.10, I already ACL's and have RPZ deployed but this is a "reactive" solution. I read that fetches-per-server and fetches-per-zone have been deployed to subscription releases, any time line for code to be released in the public version? Anything else I can do? Some tcpdump logs 17:35:26.520596 IP 211.27.99.62.1028 > 210.50.44.4.53: 17436+ A? nbpdrsthvwxlm.wwwww.jiajiaxhhq.com. (52) 17:35:26.572225 IP 211.27.99.62.1028 > 210.50.44.4.53: 17437+ A? gcjycliyggj.wwwww.jiajiaxhhq.com. (50) 17:35:26.604453 IP 211.27.99.62.1028 > 210.50.44.4.53: 17438+ A? zvltevrzkmfhtcq.wwwww.jiajiaxhhq.com. (54) 17:35:26.605662 IP 211.27.99.62.1028 > 210.50.44.4.53: 17439+ A? xcfpgnlbbwvwoyk.wwwww.jiajiaxhhq.com. (54) 17:35:26.637777 IP 211.27.99.62.1028 > 210.50.44.4.53: 17440+ A? ttqikqwpcvk.wwwww.jiajiaxhhq.com. (50) 17:35:26.704413 IP 211.27.99.62.1028 > 210.50.44.4.53: 17441+ A? abcqrsghijxlz.wwwww.jiajiaxhhq.com. (52) 17:35:26.704950 IP 211.27.99.62.1028 > 210.50.44.4.53: 17442+ A? aopdefthijklm.wwwww.jiajiaxhhq.com. (52) 17:35:26.715783 IP 211.27.98.70.1029 > 210.50.44.4.53: 63183+ A? eqw.wwwww.jiajiaxhhq.com. (42) 17:35:26.760114 IP 210.50.8.23.41508 > 210.50.44.4.53: 56630+ A? yjmtmpqxwbuh.wwwww.jiajiaxhhq.com. (51) 17:35:26.762262 IP 210.50.8.23.41508 > 210.50.44.4.53: 54127+ A? abelutejkzcl.wwwww.jiajiaxhhq.com. (51) 17:35:26.835637 IP 211.27.99.62.1028 > 210.50.44.4.53: 17443+ A? nbcqrsthvwxym.wwwww.jiajiaxhhq.com. (52) Thanks Neil _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
