I'm a self-taught admin (aka mild newbie), and I don't understand why people 
would hit my DNS servers thousands of times.

I've got a limiter in iptables ('recent' module) that blocks and logs when 
there are too many hits from one IP to my DNS servers (5 hits in 10 seconds, on 
non-recursive BIND slaves), and I see thousands of hits in my logs (logwatch 
reports) every morning, many spread all over a /24 or smaller -- 
crackers/kiddies for sure, I suspect. 

What are they trying to accomplish? How can they get root or useful info from 
many DNS queries? Or are they just massively stupid with too much time on their 
hands? Or am I?

-- 
Glenn English
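
Added example, not part of the original post: one way to summarise the limiter's log entries by source network, which shows whether the blocked hits come from a few repeat senders or are spread across a /24. The `DNS-LIMIT: ` log prefix, the function names and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the kernel's iptables LOG format. The "DNS-LIMIT: "
# prefix is an assumed --log-prefix; addresses are documentation ranges.
SAMPLE_LOG = """\
Jan 12 03:14:07 ns1 kernel: DNS-LIMIT: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.53 PROTO=UDP SPT=4321 DPT=53 LEN=52
Jan 12 03:14:07 ns1 kernel: DNS-LIMIT: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.53 PROTO=UDP SPT=4322 DPT=53 LEN=52
Jan 12 03:14:08 ns1 kernel: DNS-LIMIT: IN=eth0 OUT= SRC=198.51.100.41 DST=192.0.2.53 PROTO=UDP SPT=1053 DPT=53 LEN=52
Jan 12 03:14:09 ns1 kernel: DNS-LIMIT: IN=eth0 OUT= SRC=198.51.100.200 DST=192.0.2.53 PROTO=UDP SPT=1054 DPT=53 LEN=52
Jan 12 03:15:30 ns1 kernel: DNS-LIMIT: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.53 PROTO=UDP SPT=5353 DPT=53 LEN=52
Jan 12 03:15:31 ns1 kernel: DNS-LIMIT: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.53 PROTO=UDP SPT=5353 DPT=53 LEN=52
Jan 12 03:16:00 ns1 kernel: DNS-LIMIT: IN=eth0 OUT= SRC=999.1.1.1 DST=192.0.2.53 PROTO=UDP SPT=5353 DPT=53 LEN=52
Jan 12 03:16:02 ns1 sshd[811]: Connection closed by 198.51.100.7 port 50022
"""

# Match only limiter entries aimed at port 53 and capture the source address.
LINE_RE = re.compile(
    r"DNS-LIMIT: .*?\bSRC=(?P<src>\d{1,3}(?:\.\d{1,3}){3})\b.*?\bDPT=53\b")

def summarize(log_text, prefix_len=24):
    """Return {network: (hit_count, distinct sources in numeric order)}."""
    hits = defaultdict(int)
    sources = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a limiter entry
        try:
            addr = ipaddress.ip_address(m.group("src"))
        except ValueError:
            continue  # corrupted or malformed address field
        net = str(ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False))
        hits[net] += 1
        sources[net].add(str(addr))
    return {n: (hits[n], sorted(sources[n], key=ipaddress.ip_address))
            for n in hits}

def spread_networks(summary, min_sources=3):
    """Networks whose blocked hits come from at least min_sources addresses."""
    return sorted(n for n, (_, srcs) in summary.items()
                  if len(srcs) >= min_sources)

if __name__ == "__main__":
    for net, (count, srcs) in summarize(SAMPLE_LOG).items():
        print(f"{net}: {count} blocked hits from {len(srcs)} sources")
```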


