This happened again this morning between 5:30-8:20AM PDT (1230-1520 UTC). The attack is similar to what's described in this CVE [1] (NXNSAttack), but I have confirmed that we have that patched on our servers. I have put in some local changes on the servers to help ensure the service stays online if it happens again. I'm working on getting this integrated into our configuration management.

I also heard back from LinkOregon and they note that they do have some mitigation measures in place; however, it wasn't working with IPv6 at the time. We noticed seeing a fairly equal amount of traffic for IPv4 and IPv6 during the event.

If anyone else has some recommended BIND configuration you use to mitigate this, please let me know off list.

Thanks for your patience.

[1] https://kb.isc.org/docs/cve-2020-8616

On Fri, Oct 28, 2022 at 10:39 PM Lance Albertson <la...@osuosl.org> wrote:

> All,
>
> Between 5-8:15PM PDT (0000-0315 UTC), our DNS servers experienced a DDoS
> which affected DNS queries to our authoritative servers. Our caching
> servers were also somewhat affected, but less so it seems. The attack
> seemed to be sending millions of random queries to one of our hosted
> project's domains.
>
> I have a ticket open with LinkOregon to see if they have any additional
> information. Apologies for any issues this might have caused.
>
> We'll be looking at adding some additional rate limiting to hopefully
> mitigate this more in the future.
>
> If you have any other questions, please let me know via an email to
> supp...@osuosl.org
>
> Thank you!
>
> --
> Lance Albertson
> Director
> Oregon State University | Open Source Lab
>

--
Lance Albertson
Director
Oregon State University | Open Source Lab
_______________________________________________
Hosting mailing list
host...@osuosl.org
https://lists.osuosl.org/mailman/listinfo/hosting