Re: [IMail Forum] OT: Bombarded by bad DNS queries

Thu, 15 Nov 2007 18:51:56 -0800 

Len,

Thanks for the prompt reply.
No, the server under attack is not authoritative for any domain. It's mostly just used to resolve for our mail servers. I also use it from my notebook, but I guess I could find a different server to use.
I'll see what happens over the next few days, but our mail queue is backing up while waiting on DNS resolution. Not good.
It's a Windows 2003 DNS server so I don't think I can limit IP addresses. Not sure about that... will look at it and see. 

Thanks,
-Joe
----- Original Message ----- From: "Len Conrad" <[EMAIL PROTECTED]> 
To: <[email protected]>
Sent: Thursday, November 15, 2007 8:43 PM
Subject: Re: [IMail Forum] OT: Bombarded by bad DNS queries
I know there are several people on this list that know DNS very well. I have a problem.
A very nice person (not) has published the IP Address of one of our DNS servers as a nameserver for a bunch of porn sites.
Example: We run dns1.abcd.com on 1.1.1.1 and this guy has published ns2.pornsite.com on our IP Address of 1.1.1.1
Result is that our DNS server is being bombarded for queries about these various porn sites. None of the sites I've tested are actually up... just names of porn sites. Either way we're getting millions of DNS requests. 

We really don't want to change the IP address of that server.


of course not.
But if you do that, keep the current DNS and IP, while adding another machine and IP.
The queries come from millions of different IP Addresses so there's no way to block them. 

Anyone have any suggestions on how to force someone to clean up their DNS?


aka DDoS, very hard to stop, probably impossible.
If the your DNS really isn't being denied by this attack, just grin and bear it for a while, see if it stops. 

Is your DNS authoritative for domains?
If you can make this machine a recursive-only machine, you could black-hole queries from Internet with ACL, allowing queries only from your subnets. 

Len


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ 


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Reply via email to