Hi Stephane-san, I've read the article. I am suspecting the attack vector is random subdomain attacks via bad CPEs, they acts open resolvers and forwarding queries to ISP's resolvers.
Possibly, the real target domain name was exist and the attackers tried to down the auth servers of the domain. -- Orange From: Stephane Bortzmeyer <bortzme...@nic.fr> Subject: [dns-operations] DNS attacks against FR/BE/NL resolvers of Internet access providers Date: Mon, 14 Sep 2020 15:14:59 +0200 > On 1 and 2 September 2020, several French IAPs (Internet Access > Providers), including SFR and Bouygues, were "down". Their DNS > resolvers were offline, and it does indeed seem that this was the > result of an attack carried out against these resolvers. > > https://www.afnic.fr/en/resources/blog/about-the-attack-on-french-isps-dns-resolvers.html > > _______________________________________________ > dns-operations mailing list > dns-operations@lists.dns-oarc.net > https://lists.dns-oarc.net/mailman/listinfo/dns-operations > _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations