> auth-zones is good. Even better would be 'auth-zones-from-file' with
> one domain name per line.
>
> It would also be good to have some more discussion of the best way to
> battle the latest round of <random>.domain lookups from compromised
> clients. We're currently seeing a significant number of A lookups for
>
> Gpd9LVuC.arkhamnetwork.org.
> KGm3G79l.arkhamnetwork.org.
> L4pEXeQO.arkhamnetwork.org.
> xwpJ2qas.arkhamnetwork.org.
> 4P9ySJ1W.arkhamnetwork.org.
> ...
>
We have seen a huge number of requests to this domain today. We have to drop it at iptables to reduce the load on pdns:

iptables -I INPUT -p udp --dport 53 -m string --hex-string "|0D|arkhamnetwork|03|com" --algo bm -j DROP
iptables -I INPUT -p udp --dport 53 -m string --hex-string "|0D|arkhamnetwork|03|org" --algo bm -j DROP

Rgds,
Vu.
_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
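
The `--hex-string` values in the rules above are the zone name in DNS wire format: each label is preceded by its length byte, so `|0D|` is the 13 bytes of `arkhamnetwork`. As an added example, not part of the original thread, this Python code derives the pattern for any zone and checks it against constructed query payloads; the function names and the `anchored` option are assumptions made for illustration.

```python
import struct

def _labels(domain):
    """Split a domain into labels and enforce the 1-63 byte label limit."""
    labels = domain.strip(".").split(".")
    for label in labels:
        if not 1 <= len(label.encode("ascii")) <= 63:
            raise ValueError("DNS labels are 1-63 bytes: %r" % label)
    return labels

def wire_name(domain, anchored=False):
    """Domain as it appears in a DNS packet: length byte + label, repeated.
    anchored=True appends the zero-length root label that ends every name."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in _labels(domain))
    return out + (b"\x00" if anchored else b"")

def hex_string_pattern(domain, anchored=False):
    """The same bytes in iptables --hex-string syntax (|XX| is one hex byte)."""
    pat = "".join("|%02X|%s" % (len(l), l) for l in _labels(domain))
    return pat + ("|00|" if anchored else "")

def build_query(qname, txid=0x1234):
    """Constructed A/IN query payload: 12-byte header, QNAME, QTYPE, QCLASS."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + wire_name(qname, anchored=True) + struct.pack(">HH", 1, 1)

def rule_matches(payload, domain, anchored=False):
    """Byte-exact substring search over the UDP payload, as the string match does."""
    return wire_name(domain, anchored) in payload

if __name__ == "__main__":
    # Print the rules from the post, generated from the zone names.
    for zone in ("arkhamnetwork.com", "arkhamnetwork.org"):
        print("iptables -I INPUT -p udp --dport 53 -m string "
              '--hex-string "%s" --algo bm -j DROP' % hex_string_pattern(zone))
    # Constructed sample names: one from the quoted list, two unrelated ones.
    for name in ("Gpd9LVuC.arkhamnetwork.org",
                 "arkhamnetwork.org.example.net",
                 "example.net"):
        q = build_query(name)
        print(name, rule_matches(q, "arkhamnetwork.org"),
              rule_matches(q, "arkhamnetwork.org", anchored=True))
```

With `anchored=True` the pattern ends in `|00|`, the root label, so a longer name that merely contains the zone is not dropped. The string match compares bytes exactly; its `--icase` option covers names that arrive in mixed case.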
