In article <[EMAIL PROTECTED]> you write: > >I just started seeing thousands of DNS queries that look like some sort >of DOS attack. One log entry is below with the IP obscured. > >client xx.xx.xx.xx#6704: query: z.tn.co.za ANY ANY +E > >When you look at z.tn.co.za you see a huge TXT record. > >Is anyone else seeing this attack or am I the lucky one? Is this a >known attack? > >Roy
You are being used as a DoS amplifier. The queries will be
spoofed. Someone needs to learn about BCP 38.
Mark
