On Tue, 2013-04-16 at 13:00 +0100, Phil Mayers wrote: > On 16/04/13 12:41, Kebba Foon wrote: > > > my server is not an open recursive server its only open to my clients > > and these are not even from my country. > > > > You're right, it's probably a spoofed-source DNS amplification attack. > > If your DNS server isn't open (good to hear) you could consider just > ACLing it at your network border. > > Alternatively, you could consider the RRL patches to bind. These looks definitely like an attack, its the same thing on both my recursive servers just check the other now and saw the same queries.
> _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
