Re: [dns-operations] swiss cheese

[Mehmet Akcin]

On Jan 10, 2013, at 12:06 AM, Randy Bush ra...@psg.com wrote:

 i turned rate-limiting on in bind 9.9.2-rpz2+rl005.12-P1.  seems to
 help.
 

amen rate limiting patch =)

 randy
 ___
 dns-operations mailing list
 dns-operations@lists.dns-oarc.net
 https://lists.dns-oarc.net/mailman/listinfo/dns-operations
 dns-jobs mailing list
 https://lists.dns-oarc.net/mailman/listinfo/dns-jobs



smime.p7s
Description: S/MIME cryptographic signature
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

[dns-operations] swiss cheese

[Randy Bush]

kiddies are out this afternoon.  no big deal, no real services but this
makes uplinks prety ugly

turning off dnssec no real help

108.193.206.169 is not the only source.  and i presume it is spoofed anyway.

clue bat?

randy

 108-193-206-169.lightspeed.frsnca.sbcglobal.net: udp
 06:28:26.448671 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448676 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448679 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448681 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448712 IP rip.psg.com.domain 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net.39939: 22943*- 19/0/14
 SOA, RRSIG, RRSIG, Type51, RRSIG, RRSIG, RRSIG, RRSIG, RRSIG,
 DNSKEY[|domain]
 06:28:26.448714 IP rip.psg.com 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net: udp
 06:28:26.448725 IP rip.psg.com.domain 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net.39939: 22943*- 19/0/14
 SOA, RRSIG, RRSIG, Type51, RRSIG, RRSIG, RRSIG, RRSIG, RRSIG,
 DNSKEY[|domain]
 06:28:26.448727 IP rip.psg.com.domain 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net.39939: 22943*- 19/0/14
 SOA, RRSIG, RRSIG, Type51, RRSIG, RRSIG, RRSIG, RRSIG, RRSIG,
 DNSKEY[|domain]
 06:28:26.448730 IP rip.psg.com 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net: udp
 06:28:26.448731 IP rip.psg.com 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net: udp
 06:28:26.448791 IP rip.psg.com.domain 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net.39939: 22943*- 19/0/14
 SOA, RRSIG, RRSIG, Type51, RRSIG, RRSIG, RRSIG, RRSIG, RRSIG,
 DNSKEY[|domain]
 06:28:26.448794 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448795 IP rip.psg.com 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net: udp
 06:28:26.448800 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448802 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448805 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448807 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448809 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448811 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448814 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448817 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448819 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448833 IP rip.psg.com.domain 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net.39939: 22943*- 19/0/14
 SOA, RRSIG, RRSIG, Type51, RRSIG, RRSIG, RRSIG, RRSIG, RRSIG,
 DNSKEY[|domain]
 06:28:26.448835 IP rip.psg.com 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net: udp
 06:28:26.448865 IP rip.psg.com.domain 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net.39939: 22943*- 19/0/14
 SOA, RRSIG, RRSIG, Type51, RRSIG, RRSIG, RRSIG, RRSIG, RRSIG,
 DNSKEY[|domain]
 06:28:26.448867 IP rip.psg.com 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net: udp
 06:28:26.448918 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448922 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448924 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448927 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448930 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448931 IP rip.psg.com.domain 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net.39939: 22943*- 19/0/14
 SOA, RRSIG, RRSIG, Type51, RRSIG, RRSIG, RRSIG, RRSIG, RRSIG,
 DNSKEY[|domain]
 06:28:26.448933 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448934 IP rip.psg.com 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net: udp
 06:28:26.448937 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448939 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448943 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 

Re: [dns-operations] swiss cheese

[Patrik Fältström]

Turn on rate limiting in your DNS server.

   Patrik

On 10 jan 2013, at 08:08, Randy Bush ra...@psg.com wrote:

 kiddies are out this afternoon.  no big deal, no real services but this
 makes uplinks prety ugly
 
 turning off dnssec no real help
 
 108.193.206.169 is not the only source.  and i presume it is spoofed anyway.
 
 clue bat?
 
 randy
 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net: udp
 06:28:26.448671 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448676 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448679 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448681 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448712 IP rip.psg.com.domain 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net.39939: 22943*- 19/0/14
 SOA, RRSIG, RRSIG, Type51, RRSIG, RRSIG, RRSIG, RRSIG, RRSIG,
 DNSKEY[|domain]
 06:28:26.448714 IP rip.psg.com 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net: udp
 06:28:26.448725 IP rip.psg.com.domain 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net.39939: 22943*- 19/0/14
 SOA, RRSIG, RRSIG, Type51, RRSIG, RRSIG, RRSIG, RRSIG, RRSIG,
 DNSKEY[|domain]
 06:28:26.448727 IP rip.psg.com.domain 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net.39939: 22943*- 19/0/14
 SOA, RRSIG, RRSIG, Type51, RRSIG, RRSIG, RRSIG, RRSIG, RRSIG,
 DNSKEY[|domain]
 06:28:26.448730 IP rip.psg.com 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net: udp
 06:28:26.448731 IP rip.psg.com 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net: udp
 06:28:26.448791 IP rip.psg.com.domain 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net.39939: 22943*- 19/0/14
 SOA, RRSIG, RRSIG, Type51, RRSIG, RRSIG, RRSIG, RRSIG, RRSIG,
 DNSKEY[|domain]
 06:28:26.448794 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448795 IP rip.psg.com 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net: udp
 06:28:26.448800 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448802 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448805 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448807 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448809 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448811 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448814 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448817 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448819 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448833 IP rip.psg.com.domain 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net.39939: 22943*- 19/0/14
 SOA, RRSIG, RRSIG, Type51, RRSIG, RRSIG, RRSIG, RRSIG, RRSIG,
 DNSKEY[|domain]
 06:28:26.448835 IP rip.psg.com 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net: udp
 06:28:26.448865 IP rip.psg.com.domain 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net.39939: 22943*- 19/0/14
 SOA, RRSIG, RRSIG, Type51, RRSIG, RRSIG, RRSIG, RRSIG, RRSIG,
 DNSKEY[|domain]
 06:28:26.448867 IP rip.psg.com 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net: udp
 06:28:26.448918 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448922 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448924 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448927 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448930 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448931 IP rip.psg.com.domain 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net.39939: 22943*- 19/0/14
 SOA, RRSIG, RRSIG, Type51, RRSIG, RRSIG, RRSIG, RRSIG, RRSIG,
 DNSKEY[|domain]
 06:28:26.448933 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448934 IP rip.psg.com 
 108-193-206-169.lightspeed.frsnca.sbcglobal.net: udp
 06:28:26.448937 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799 
 rip.psg.com.domain: 22943+ [1au] ANY? CH. (31)
 06:28:26.448939 IP 108-193-206-169.lightspeed.frsnca.sbcglobal.net.6799