Stopping name server abuse

2018-06-24 Thread Alex 
Hi,
We had a former customer who parked about 300 domains with his
registry on our server but is no longer a customer and hasn't moved
his domains. There aren't any hosts behind the domains.

Is there anything more I can do to block/prevent them from continually
querying my system outside of just redirecting them to localhost or
something?

It's not a terrible amount of traffic, but it's pretty substantial.

Unfortunately asking him nicely didn't work.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Stopping name server abuse

2018-06-24 Thread Warren Kumari 
Unfortunately I don’t think that there is, other than the nuclear option of
becoming authoritative and pointing them elsewhere.

That would be a jackass move though.

W

On Sun, Jun 24, 2018 at 3:30 PM Alex  wrote:

> Hi,
> We had a former customer who parked about 300 domains with his
> registry on our server but is no longer a customer and hasn't moved
> his domains. There aren't any hosts behind the domains.
>
> Is there anything more I can do to block/prevent them from continually
> querying my system outside of just redirecting them to localhost or
> something?
>
> It's not a terrible amount of traffic, but it's pretty substantial.
>
> Unfortunately asking him nicely didn't work.
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-- 
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
   ---maf
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Stopping name server abuse

2018-06-24 Thread jonny 

hi,
why dont you just delete the zones?
j.

Am 24.06.2018 um 22:35 schrieb Warren Kumari:

Unfortunately I don’t think that there is, other than the nuclear option of
becoming authoritative and pointing them elsewhere.

That would be a jackass move though.

W

On Sun, Jun 24, 2018 at 3:30 PM Alex  wrote:


Hi,
We had a former customer who parked about 300 domains with his
registry on our server but is no longer a customer and hasn't moved
his domains. There aren't any hosts behind the domains.

Is there anything more I can do to block/prevent them from continually
querying my system outside of just redirecting them to localhost or
something?

It's not a terrible amount of traffic, but it's pretty substantial.

Unfortunately asking him nicely didn't work.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Stopping name server abuse

2018-06-24 Thread Barry Margolin 
In article ,
 jo...@hasig.de wrote:

> hi,
> why dont you just delete the zones?

That won't stop the queries from coming to the server.

-- 
Barry Margolin
Arlington, MA
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Stopping name server abuse

2018-06-24 Thread jonny 

yes, but it minimizes the use of resources because the only answer is nxdomain.
j.

Am 24.06.2018 um 23:41 schrieb Barry Margolin:

In article ,
  jo...@hasig.de wrote:


hi,
why dont you just delete the zones?


That won't stop the queries from coming to the server.


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Stopping name server abuse

2018-06-24 Thread John W. Blue 
I disagree.  Put up classy default page that is smart but funny while pointing 
out that owners of the domains are morons.

So many options here!

John

Sent from Nine

From: Warren Kumari 
Sent: Jun 24, 2018 3:36 PM
To: Alex
Cc: bind-users@lists.isc.org
Subject: Re: Stopping name server abuse

Unfortunately I don't think that there is, other than the nuclear option of 
becoming authoritative and pointing them elsewhere.

That would be a jackass move though.

W

On Sun, Jun 24, 2018 at 3:30 PM Alex 
mailto:mysqlstud...@gmail.com>> wrote:
Hi,
We had a former customer who parked about 300 domains with his
registry on our server but is no longer a customer and hasn't moved
his domains. There aren't any hosts behind the domains.

Is there anything more I can do to block/prevent them from continually
querying my system outside of just redirecting them to localhost or
something?

It's not a terrible amount of traffic, but it's pretty substantial.

Unfortunately asking him nicely didn't work.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
I don't think the execution is relevant when it was obviously a bad idea in the 
first place.
This is like putting rabid weasels in your pants, and later expressing regret 
at having chosen those particular rabid weasels and that pair of pants.
   ---maf
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Stopping name server abuse

2018-06-24 Thread Mukund Sivaraman 
On Sun, Jun 24, 2018 at 04:30:08PM -0400, Alex wrote:
> Hi,
> We had a former customer who parked about 300 domains with his
> registry on our server but is no longer a customer and hasn't moved
> his domains. There aren't any hosts behind the domains.
> 
> Is there anything more I can do to block/prevent them from continually
> querying my system outside of just redirecting them to localhost or
> something?
> 
> It's not a terrible amount of traffic, but it's pretty substantial.
> 
> Unfortunately asking him nicely didn't work.

Serve the customer an invoice. They're his domains after all, and he's
using up your resources. You can identify him and show that your
resources are being used because he has not moved the delegations.

Mukund
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Stopping name server abuse

2018-06-24 Thread Mark Andrews 
You should just be able to ask the registries to remove the delegations
in a sane world as per RFC 1033.

COMPLAINTS

   These are the suggested steps you should take if you are having
   problems that you believe are caused by someone else's name server:


   1.  Complain privately to the responsible person for the domain.  You
   can find their mailing address in the SOA record for the domain.

   2.  Complain publicly to the responsible person for the domain.

   3.  Ask the NIC for the administrative person responsible for the
   domain.  Complain.  You can also find domain contacts on the NIC in
   the file NETINFO:DOMAIN-CONTACTS.TXT

   4.  Complain to the parent domain authorities.

   5.  Ask the parent authorities to excommunicate the domain.

If that doesn’t work go to the local magistrate an seek a court order for the
delegating records that point to you to be removed.  Then serve the court order
on the registries.

You are NOT required to follow whatever dispute resolution process that
has been worked out between the Registries, Registrars and Registrant as
you are NOT party to that contract.

Your lawyer should be able to workout exactly how to to this.

> On 25 Jun 2018, at 6:30 am, Alex  wrote:
> 
> Hi,
> We had a former customer who parked about 300 domains with his
> registry on our server but is no longer a customer and hasn't moved
> his domains. There aren't any hosts behind the domains.
> 
> Is there anything more I can do to block/prevent them from continually
> querying my system outside of just redirecting them to localhost or
> something?
> 
> It's not a terrible amount of traffic, but it's pretty substantial.
> 
> Unfortunately asking him nicely didn't work.
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Stopping name server abuse

2018-06-24 Thread marka 
Sorry for the noise
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Stopping name server abuse

2018-06-24 Thread A 
You could ask the registrar/root domain admins to point those domains 
somewhere other than your server; or just delete them from the root 
servers at their perogative.  You might want to give your ex-customer a 
final warning beforehand as to your intent.  It might spur them into 
actionand maybe help deter any potential legal action after the fact.  
I'm not a lawyer.  This is not legal advice.


- A

On 06/24/2018 01:30 PM, Alex wrote:

Hi,
We had a former customer who parked about 300 domains with his
registry on our server but is no longer a customer and hasn't moved
his domains. There aren't any hosts behind the domains.

Is there anything more I can do to block/prevent them from continually
querying my system outside of just redirecting them to localhost or
something?

It's not a terrible amount of traffic, but it's pretty substantial.

Unfortunately asking him nicely didn't work.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Stopping name server abuse

2018-06-24 Thread Noel Butler 
On 25/06/2018 10:09, ma...@isc.org wrote:

> Sorry for the noise

What noise? 

Your post is to the point and appropriate, lots of members of this list
may be in this situation and ignore it because they have NFI on what to
do, so you've helped them. 

Though personally I have done a few times what John Blue suggested,
might not stop my resources being abused, but it gets the point across
:)

-- 
Kind Regards, 

Noel Butler 

This Email, including any attachments, may contain legally 
privileged
information, therefore remains confidential and subject to copyright
protected under international law. You may not disseminate, discuss, or
reveal, any part, to anyone, without the authors express written
authority to do so. If you are not the intended recipient, please notify
the sender then delete all copies of this message including attachments,
immediately. Confidentiality, copyright, and legal privilege are not
waived or lost by reason of the mistaken delivery of this message. Only
PDF [1] and ODF [2] documents accepted, please do not send proprietary
formatted documents 

 

Links:
--
[1] http://www.adobe.com/
[2] http://en.wikipedia.org/wiki/OpenDocument___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Stopping name server abuse

2018-06-24 Thread Paul Kosinski 
Is it possible to get BIND not to respond at all, thereby causing
a timeout on the query? That would perhaps reduce load more than
NXDOMAIN or deleting the sone(s) would.


On Mon, 25 Jun 2018 00:03:09 +0200
jo...@hasig.de wrote:

> yes, but it minimizes the use of resources because the only answer is
> nxdomain. j.
> 
> Am 24.06.2018 um 23:41 schrieb Barry Margolin:
> > In article ,
> >   jo...@hasig.de wrote:
> > 
> >> hi,
> >> why dont you just delete the zones?
> > 
> > That won't stop the queries from coming to the server.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: Stopping name server abuse

2018-06-24 Thread Browne, Stuart via bind-users 
If the incoming query has already been parsed and it BIND instance now knows it 
doesn't need to respond, it's already done all the work, so there's no point 
not sending the response. To introduce something before the BIND instance in 
userspace, then for every legitimate query you are double-processing; more 
wasted resources.

In either case, by 'not responding', you're tying up even more resources (open 
sockets or other connection tracking mechanisms if you haven't disabled them) 
until the connections all time out.

If you're filtering on an upstream device that can do that level of analysis 
without hurting your network, then maybe, but once again, you're 
double-processing every legitimate query; you're only moving the cost to a 
different device.

It's best to respond nicely and move on.

Unless the DNS server is massively under-resourced or the query load is in the 
many-thousands-per-second range, there shouldn't be that much of an issue with 
the server coping with the load; but from what I can tell on this thread, it's 
more about "The customer is no longer paying so I want to stop spending money 
or resources for them".

Stuart

> -Original Message-
> From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of
> Paul Kosinski
> Sent: Monday, 25 June 2018 1:40 PM
> To: bind-users@lists.isc.org
> Subject: Re: Stopping name server abuse
> 
> Is it possible to get BIND not to respond at all, thereby causing
> a timeout on the query? That would perhaps reduce load more than
> NXDOMAIN or deleting the sone(s) would.
> 
> 
> On Mon, 25 Jun 2018 00:03:09 +0200
> jo...@hasig.de wrote:
> 
> > yes, but it minimizes the use of resources because the only answer is
> > nxdomain. j.
> >
> > Am 24.06.2018 um 23:41 schrieb Barry Margolin:
> > > In article ,
> > >   jo...@hasig.de wrote:
> > >
> > >> hi,
> > >> why dont you just delete the zones?
> > >
> > > That won't stop the queries from coming to the server.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users