On Sat Feb 11, 2017 at 10:58:54 -0700, Glenn English wrote:

> Is anyone else getting thousands of hits on DNS?

Yes, but that's because I host DNS for popular domains.

> But AWS isn't the whole problem -- just the worst offender. And my little
> T1 has been, sometimes, DoS'ed by the hits. They are coming from IPs all
> over the world, from different sources every day, so I can't ask my ISP to
> block them in their big pipe.

It sounds like you're running your own DNS server on your instance. If that is the case, you might consider moving it to Amazon's route53 infrastructure. That would mean that your DNS wouldn't rely upon your personal machine, and you're already using AWS ..

Failing that it might be that remote IPs are trying to exploit your server. Have you tested you're not running an open-resolver, by accident? You should (probably) be running DNS for only your chosen domains.

But sadly, without more information, the best we can do is guess that you're being spidered and hammered for fun. Reporting the abuse will likely make no difference, even though it should.

> Does anybody have any idea how to stop them?

Stop hosting DNS on the machine, by moving it elsewhere. Also sanity-check your configuration. If this works, you'll have trouble, for example:

    dig -t a example.com @your.ip.add.ress

Steve
-- 
# Git-based DNS host
https://dns-api.com/
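
The open-resolver check from the message above, as an added example that is not part of the original post or of any project's code: it builds the same recursive A query that the dig command sends and classifies the reply by its header (RCODE, RA flag, answer count). The function names, the query ID and the sample packets are assumptions constructed for illustration, and the name queried must be one your server does not host.

```python
import socket
import struct

QID = 0x1234  # arbitrary query ID chosen for this example

def build_query(name, qid=QID):
    """Recursive (RD=1) A/IN query for `name` in DNS wire format."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def classify_response(resp, qid=QID):
    """Judge a reply to a query for a name the server does NOT host."""
    if len(resp) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", resp[:12])
    if rid != qid or not flags & 0x8000:      # wrong ID, or QR bit clear
        return "malformed"
    rcode, ra = flags & 0x000F, bool(flags & 0x0080)
    if rcode == 0 and ancount > 0:
        return "open-resolver"                # it answered for someone else's name
    if rcode == 5:
        return "refused"                      # REFUSED: the result you want
    return "recursion-offered" if ra else "closed"

def check_server(ip, name="example.com", timeout=3.0):
    """Send the query over UDP/53 to a server you operate and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (ip, 53))
        try:
            return classify_response(s.recvfrom(4096)[0])
        except socket.timeout:
            return "no-reply"

# Constructed sample replies (not captured traffic): header + question (+ one A record).
_Q = build_query("example.com")[12:]
_A = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
SAMPLE_OPEN = struct.pack("!6H", QID, 0x8180, 1, 1, 0, 0) + _Q + _A
SAMPLE_REFUSED = struct.pack("!6H", QID, 0x8105, 1, 0, 0, 0) + _Q
SAMPLE_SERVFAIL_RA = struct.pack("!6H", QID, 0x8182, 1, 0, 0, 0) + _Q

if __name__ == "__main__":
    for label, pkt in [("open", SAMPLE_OPEN), ("refused", SAMPLE_REFUSED),
                       ("servfail+ra", SAMPLE_SERVFAIL_RA)]:
        print(label, "->", classify_response(pkt))
```

Run check_server() from a host outside your own network, since many servers allow recursion for local clients while refusing everyone else.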