You need to respond to ANY's if you want mail delivery to your domains. There are some popular mail servers out there that don't send MX requests, only ANY to find out where to deliver email to.
Rate limiting is the way to go and stops it dead. Whilst you still get lots of requests, they drop off quicker and your outbound traffic is eliminated. It's worked very well for us and the CN ANY attacks going on for the last few months.

-----Original Message-----
From: dns-operations-boun...@lists.dns-oarc.net [mailto:dns-operations-boun...@lists.dns-oarc.net] On Behalf Of Dobbins, Roland
Sent: 10 June 2012 09:59
To: DNS Operations List
Subject: Re: [dns-operations] annoying DDoS attack on ns0.rfc1035.com

On Jun 10, 2012, at 3:45 PM, Jim Reid wrote:

> And why pick on my name server which has never done anyone any harm?

They're just looking for ANY records, there's no rhyme or reason to it. They're spoofing the IP address of the target they're attacking - they're using your server for reflection/amplification.

Do you really need to respond to ANY queries - especially when your servers are being abused?

-----------------------------------------------------------------------
Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com>

Luck is the residue of opportunity and design.

-- John Milton

_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
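The rate limiting described in this message, sketched as an added example (not part of the original thread and not any name server's own implementation): a token bucket keyed on source /24 and query type, replayed over constructed traffic. The limits, class and function names, and the documentation-range addresses are all assumptions.

```python
import ipaddress
from collections import defaultdict

RATE_PER_SEC = 5   # assumed limit: responses per second per bucket
BURST = 10         # assumed bucket capacity, in responses
COST = 1000        # one response costs 1000 milli-tokens (integer maths)

class ResponseRateLimiter:
    """Token bucket keyed on (source /24, qtype). A spoofed victim address
    exhausts only its own bucket; other clients are unaffected."""

    def __init__(self, rate=RATE_PER_SEC, burst=BURST):
        self.rate = rate
        self.cap = burst * COST
        self.buckets = {}  # (network, qtype) -> (milli_tokens, last_ms)

    def allow(self, src_ip, qtype, now_ms):
        net = ipaddress.ip_network(f"{src_ip}/24", strict=False)
        tokens, last = self.buckets.get((net, qtype), (self.cap, now_ms))
        # Refill: rate tokens/s equals rate milli-tokens per millisecond.
        tokens = min(self.cap, tokens + (now_ms - last) * self.rate)
        answered = tokens >= COST
        if answered:
            tokens -= COST
        self.buckets[(net, qtype)] = (tokens, now_ms)
        return answered

def sample_queries():
    """Constructed traffic as (time_ms, source, qtype) tuples."""
    # 1000 ANY queries in one second, all claiming to come from the victim.
    flood = [(ms, "192.0.2.10", "ANY") for ms in range(1000)]
    # A mail server that looks up its delivery target with ANY every 2 s.
    mail = [(ms, "198.51.100.25", "ANY") for ms in range(0, 10000, 2000)]
    return sorted(flood + mail)

def replay(queries):
    """Return {source: [answered, dropped]} after rate limiting."""
    limiter = ResponseRateLimiter()
    stats = defaultdict(lambda: [0, 0])
    for now_ms, src, qtype in queries:
        stats[src][0 if limiter.allow(src, qtype, now_ms) else 1] += 1
    return dict(stats)

if __name__ == "__main__":
    for src, (answered, dropped) in replay(sample_queries()).items():
        print(f"{src}: answered={answered} dropped={dropped}")
```

The flood still arrives, but only the initial burst plus the refill rate is answered, so the reflected outbound traffic toward the spoofed address is cut to a small fraction while the low-rate ANY client is answered every time.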