I know...
That is why I have been posting the IP address. I now block 3980 IP address
from our NS servers. Most of them attempt to ssh to our www server and fail,
when they do that, I block the IP. Some the same IP's must have been running
the DoS since they are no longer able to do so on NS1. I have replicated the
block list to NS2 to see, I should know by tomorrow, if NS2 stops getting them
as well.
On a related topic:
Is there anyway to test for poisoning? How can you tell if you are or are not
poisoned.
Date: Fri, 19 Aug 2011 09:33:29 +0800
Subject: Re: client ... query (cache) './NS/IN' denied:
From: short...@gmail.com
To: shashan...@hotmail.com
CC: bind-users@lists.isc.org
On Fri, Aug 19, 2011 at 3:24 AM, Shawn Bakhtiar shashan...@hotmail.com
wrote:
Hi all,
For the first time my primary name server is not reporting any more
client XXX.XXX.XXX.XXX query (cache) './NS/IN' denied: 1 Time(s)
This is a DNS attacking.
Many DNS Servers are meeting this kind of attack each day here.
The traffic is huge, once I noticed the traffic to one of my NS host is 1.6G.
It's a DDoS that will make your DNS can't serve at all.
Regards.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
