On 9 August 2013 02:51, Ken Peng <[email protected]> wrote: > All of my six nameservers have been attacking, it's against a special > domain. > > I grep from the last 50000 lines of log and get the attacking IPs as below. > Can you tell what type of attack it is and how to stop this? Thanks.
Is there a reason why your nameservers are allowing those IP addresses to query you? (and thus query waig8.com) i.e. are you supposed to be running an open resolver on those nameservers? If not then the way to "fix" the issue is to either disable recursion completely or restrict recursion to only allowed clients/subnets. If they are supposed to be providing open resolution then you might want to look at rate limiting the clients or use something like RPZ to blacklist the domain from being resolved, but if it is an open resolver then there isn't really anything you can do to completely stop this. Steve _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
