DGA Attack mitigation

2018-04-09 Thread Mahdi Adnan via Unbound-users
Hi, Im wondering how Unbound users are handling DGA and DGA like attacks. Im running 20 Unbound servers and around 20% of response are NXDOMAIN, for queries coming from my clients. Anyone experienced this kind of attack before ? if so, how do you protect your servers against it ? is there somet

Re: DGA Attack mitigation

2018-04-09 Thread Mahdi Adnan via Unbound-users
users@unbound.net Subject: Re: DGA Attack mitigation Am 09.04.2018 um 20:04 schrieb Mahdi Adnan via Unbound-users mailto:unbound-users@unbound.net>>: Im running 20 Unbound servers and around 20% of response are NXDOMAIN, for queries coming from my clients. Block those IPs that are obviously p

Re: DGA Attack mitigation

2018-04-09 Thread Mahdi Adnan via Unbound-users
: > > >> Am 09.04.2018 um 20:04 schrieb Mahdi Adnan via Unbound-users >> mailto:unbound-users@unbound.net>>: >> >> Im running 20 Unbound servers and around 20% of response are NXDOMAIN, >> for queries coming from my clients. > > > > Block those IPs t

Re: Ability to detect when queries are being blocked at the network level

2018-05-03 Thread Mahdi Adnan via Unbound-users
Im having the same issue here with my servers. several queries fails when using my server's source IP but, Google public DNS return an answer. my workaround was to forward those queries to 8.8.8.8 using forward domain. i wonder if there's a way to find what's causing those SERVFAIL. -- Respect

Unbound Srvfail cache

2017-07-05 Thread Mahdi Adnan via Unbound-users
Hi folks, We have a situation here with Unbound, during internet outage for an hour or so, Unbound keeps replying with server servfail for valid domains even after it gain access to internet, to fix this, i have to reload or restart Unbound. This happens every time we lose internet for more th

Re: Unbound Srvfail cache

2017-07-06 Thread Mahdi Adnan via Unbound-users
, 1.4.20 is from 2012. Perhaps the newer version does not have this issue in this manner. You can also flush the infra cache, with unbound-control flush_infra all, that way you don't lose the DNS cache. Best regards, Wouter On 06/07/17 08:05, Mahdi Adnan via Unbound-users wrote: >

Unbound QRT

2017-07-09 Thread Mahdi Adnan via Unbound-users
Hi, How can i measure the query response time ? unbound-control stats histogram is only for recursive requests right ? how can i measure the average response time of the cached queries ? Thanks -- Respectfully Mahdi A. Mahdi

Re: Unbound QRT

2017-07-10 Thread Mahdi Adnan via Unbound-users
so). Best regards, Wouter On 09/07/17 11:10, Mahdi Adnan via Unbound-users wrote: > Hi, > > > How can i measure the query response time ? > > unbound-control stats histogram is only for recursive requests right > ? how can i measure the average response time of the cached que