On 11/17/2014 01:11 PM, Radke, Justin wrote:
> This past weekend we started receiving bursts of lookups on our DNS server
> for "localhost." We blocked our subscriber abusing this lookup (most
> assuredly malware and not intentional) but curious what safeguards you put
> in place for DOS attacks on your DNS servers.
>
> 1. As an ISP do you see a problem with blocking localhost on your DNS
> servers? (we don't see any validity to these requests but checking with you
> to see if we've overlooked something).

Not really

> 2. Do you have an actual localhost zone that issues 127.0.0.1?

Yes

> 3. Do you block >512 Bytes DNS requests?

No.

> 4. Do you block non-UDP DNS requests or rate-limit requests?

Yes

> 5. Anything else you block/filter on your DNS servers?

block/limit "any" queries
block/limit "root NS" queries
block anycast/broadcast source address packets
block fragmented packets
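As an added example, not part of the thread, here is a small Python detector for the kind of burst the original poster describes: it scans BIND-style query log lines and flags clients that send many "localhost", ANY or root-NS queries within a short window. The log lines, the line format and the thresholds are constructed assumptions, not real traffic or a specific server's format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the style of a BIND 9 query log (not real traffic).
SAMPLE_LOG = """\
17-Nov-2014 13:11:00.100 client 192.0.2.10#53412: query: localhost IN A + (203.0.113.1)
17-Nov-2014 13:11:00.150 client 192.0.2.10#53413: query: localhost IN A + (203.0.113.1)
17-Nov-2014 13:11:00.200 client 192.0.2.10#53414: query: localhost IN A + (203.0.113.1)
17-Nov-2014 13:11:00.250 client 192.0.2.10#53415: query: localhost IN A + (203.0.113.1)
17-Nov-2014 13:11:00.300 client 192.0.2.10#53416: query: localhost IN A + (203.0.113.1)
17-Nov-2014 13:11:00.400 client 192.0.2.10#53417: query: localhost IN A + (203.0.113.1)
17-Nov-2014 13:11:01.000 client 192.0.2.44#40001: query: www.example.com IN A + (203.0.113.1)
17-Nov-2014 13:11:01.500 client 192.0.2.44#40002: query: example.com IN ANY + (203.0.113.1)
17-Nov-2014 13:11:02.000 client 192.0.2.44#40003: query: . IN NS + (203.0.113.1)
"""

# Assumed line layout: "<date> <time> client <ip>#<port>: query: <qname> IN <qtype> <flags> ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<ip>[0-9a-fA-F.:]+)#\d+: query: "
    r"(?P<qname>\S+) IN (?P<qtype>\S+) "
)
TS_FMT = "%d-%b-%Y %H:%M:%S.%f"

def parse(log):
    """Yield (timestamp, client_ip, qname, qtype) for each parseable line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            qname = m["qname"].lower().rstrip(".")  # root "." becomes ""
            yield datetime.strptime(m["ts"], TS_FMT), m["ip"], qname, m["qtype"].upper()

def suspicious(event):
    """Query classes the thread mentions filtering: localhost, ANY, and root NS."""
    _, _, qname, qtype = event
    return qname == "localhost" or qtype == "ANY" or (qname == "" and qtype == "NS")

def flag_clients(log, threshold=5, window=timedelta(seconds=1)):
    """Return {ip: peak_count} for clients with >= threshold suspicious queries in any window."""
    per_ip = defaultdict(list)
    for ev in parse(log):
        if suspicious(ev):
            per_ip[ev[1]].append(ev[0])
    flagged = {}
    for ip, times in per_ip.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):  # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), end - start + 1)
    return flagged
```

Feeding real query logs through `flag_clients` gives a per-client list to review before deciding on a block, which keeps a single noisy resolver from being mistaken for an attacker.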

