I know there are several people on this list that know DNS very
well. I have a problem.
A very nice person (not) has published the IP Address of one of our
DNS servers as a nameserver for a bunch of porn sites.
Example: We run dns1.abcd.com on 1.1.1.1 and this guy has published
ns2.pornsite.com on our IP Address of 1.1.1.1
Result is that our DNS server is being bombarded for queries about
these various porn sites. None of the sites I've tested are
actually up... just names of porn sites. Either way we're getting
millions of DNS requests.
We really don't want to change the IP address of that server.
Of course not.
But if you do that, keep the current DNS and IP, while adding another
machine and IP.
The queries come from millions of different IP Addresses so there's
no way to block them.
Anyone have any suggestions on how to force someone to clean up their DNS?
Aka DDoS, very hard to stop, probably impossible.
If your DNS really isn't being denied by this attack, just grin
and bear it for a while, see if it stops.
Is your DNS authoritative for domains?
If you can make this machine a recursive-only machine, you could
black-hole queries from Internet with ACL, allowing queries only from
your subnets.
Len
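
Added example, not part of the original message or of any product discussed on this list: a short Python triage of a query log that applies the ACL idea from the reply (answer your own subnets, black-hole the rest) and goes one step further by still answering outside clients for zones the server is authoritative for. The zone name, the internal subnet, the "<source-ip> <qname>" log format and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumed values for illustration; replace with your own zones and subnets.
AUTH_ZONES = {"abcd.com"}                             # zones this server is authoritative for
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # "your subnets"

def in_zone(qname, zones):
    """True if qname equals a zone apex or is a name below it."""
    name = qname.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in zones)

def decide(src, qname):
    """ACL decision for one query; raises ValueError on a bad source address."""
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in INTERNAL_NETS):
        return "answer"                  # own subnets: recursion allowed
    if in_zone(qname, AUTH_ZONES):
        return "answer-authoritative"    # outside clients may ask about our zones
    return "drop"                        # black-hole everything else

def triage(lines):
    """Count decisions and the stray domains outside clients ask for."""
    actions, stray = Counter(), Counter()
    for line in lines:
        parts = line.split()
        try:
            if len(parts) != 2:
                raise ValueError("expected '<source-ip> <qname>'")
            action = decide(*parts)
        except ValueError:
            actions["malformed"] += 1
            continue
        actions[action] += 1
        if action == "drop":
            # Last two labels as a rough grouping key (ignores multi-label TLDs).
            labels = parts[1].rstrip(".").lower().split(".")
            stray[".".join(labels[-2:])] += 1
    return actions, stray

# Constructed sample log: "<source-ip> <qname>" per line.
SAMPLE_LOG = ["203.0.113.7 www.pornsite.com.", "198.51.100.23 pornsite.com",
              "10.1.2.3 www.example.org", "192.0.2.99 mail.abcd.com",
              "192.0.2.14 WWW.PornSite.com", "not-an-ip foo.com"]

if __name__ == "__main__":
    actions, stray = triage(SAMPLE_LOG)
    print(dict(actions))
    print(stray.most_common(5))
```

The `stray` counter shows which foreign names account for the dropped traffic, which is the evidence to send to the registrar or hosting provider of the domain that lists your address as its nameserver.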