Re: What are these Google IPs hammering on my DNS server?

2023-12-05 Thread Ray Bellis
On 05/12/2023 20:08, Christopher Morrow wrote: is the test framework documented where others could setup/run the test(s)? :) (perhaps for mr hare I mean, or me! :) ) https://github.com/isc-projects/perflab https://www.isc.org/docs/bellis-oarc-perflab.pdf Are the tests for authoritative o

Re: What are these Google IPs hammering on my DNS server?

2023-12-05 Thread Christopher Morrow
On Tue, Dec 5, 2023 at 10:17 AM Ray Bellis wrote: > > > > On 05/12/2023 12:29, Michael Hare via NANOG wrote: > > > At quick glance following the ISC link I didn’t see the compute > > infrastructure [core count] needed to get 1Mpps. There is an obvious > > difference between 99% load of ~500rps an

Re: What are these Google IPs hammering on my DNS server?

2023-12-05 Thread Ray Bellis
On 05/12/2023 12:29, Michael Hare via NANOG wrote: At quick glance following the ISC link I didn’t see the compute infrastructure [core count] needed to get 1Mpps.  There is an obvious difference between 99% load of ~500rps and 1M, so we can maybe advise to not undersize ADNS if that's an i

RE: What are these Google IPs hammering on my DNS server?

2023-12-05 Thread Michael Hare via NANOG
's an interesting comment about DNSSEC that I hadn't considered. -Michael From: Damian Menscher Sent: Monday, December 4, 2023 12:21 PM To: Michael Hare Cc: John R. Levine ; nanog@nanog.org Subject: Re: What are these Google IPs hammering on my DNS server? Google Public DNS (8.8.8.8) attemp

Re: What are these Google IPs hammering on my DNS server?

2023-12-04 Thread John R. Levine
On Mon, 4 Dec 2023, Damian Menscher wrote: have more redundancy/capacity). Based on these estimates, we haven't treated mitigation of small attacks as a high priority. If O(25Kpps) attacks are causing real problems for the community, I'd appreciate that feedback and some hints as to why your ex

Re: What are these Google IPs hammering on my DNS server?

2023-12-04 Thread Damian Menscher via NANOG
ap like this? Nothing/waiting > it out? Outsourcing DNS? Scrubbing appliance? Poormans stuff like I > mention above? > > -Michael > > > -Original Message----- > > From: NANOG On > > Behalf Of John R. Levine > > Sent: Sunday, December 3, 2023 1:18 PM >

Re: What are these Google IPs hammering on my DNS server?

2023-12-03 Thread John R. Levine
Just set TC=1 for those clients. If you get queries over TCP then they were not spoofed. If they are using DNS COOKIE (RFC 7873) you can send back BADCOOKIE to the initial (client cookie only) UDP request with your server cookie. Identifying real DNS clients has been possible for years now.

Re: What are these Google IPs hammering on my DNS server?

2023-12-03 Thread Mark Andrews
> On 4 Dec 2023, at 08:21, Michael Hare via NANOG wrote: > > John- > > This is little consolation, but at AS3128, I see the same thing to our > downstream at times, claiming to come from both 13335 and 15169 often > simultaneously at the tune of 25Kpps , "assuming it's not spoofed", which i

RE: What are these Google IPs hammering on my DNS server?

2023-12-03 Thread John R. Levine
PM To: Peter Potvin Cc: nanog@nanog.org Subject: Re: What are these Google IPs hammering on my DNS server? Did a bit of digging on Google's developer site and came across this: https://developers.google.com/speed/public-dns/faq#locations_of_ip_address_ranges_google_public_dns_uses_t

RE: What are these Google IPs hammering on my DNS server?

2023-12-03 Thread Michael Hare via NANOG
Sunday, December 3, 2023 1:18 PM > To: Peter Potvin > Cc: nanog@nanog.org > Subject: Re: What are these Google IPs hammering on my DNS server? > > > Did a bit of digging on Google's developer site and came across this: > > https://developers.google.com/speed/publ

Re: What are these Google IPs hammering on my DNS server?

2023-12-03 Thread John R. Levine
Did a bit of digging on Google's developer site and came across this: https://developers.google.com/speed/public-dns/faq#locations_of_ip_address_ranges_google_public_dns_uses_to_send_queries Looks like the IPs you mentioned belong to Google's public DNS resolver based on that list on their site.

Re: What are these Google IPs hammering on my DNS server?

2023-12-03 Thread Tom Beecher
172.253.X.X are Google DNS : https://www.gstatic.com/ipranges/publicdns.json 172.71.X.X are Cloudflare : https://www.cloudflare.com/ips-v4/# On Sun, Dec 3, 2023 at 1:49 PM John Levine wrote: > At contacts.abuse.net, I have a little stunt DNS server that provides > domain contact info, e.g.: >

Re: What are these Google IPs hammering on my DNS server?

2023-12-03 Thread John R. Levine
They are probably spoofed IPs. So those are the target IP IPs of a DDoS What kind of amplification factor does your DNS server have? I bet with the changes you’ve made, it’s super high. People are looking for DNS servers like that. On the contrary, the response packets are tiny. $ host -t

Re: What are these Google IPs hammering on my DNS server?

2023-12-03 Thread Peter Potvin via NANOG
Did a bit of digging on Google's developer site and came across this: https://developers.google.com/speed/public-dns/faq#locations_of_ip_address_ranges_google_public_dns_uses_to_send_queries Looks like the IPs you mentioned belong to Google's public DNS resolver based on that list on their site. T

Re: What are these Google IPs hammering on my DNS server?

2023-12-03 Thread Tom Samplonius
They are probably spoofed IPs. So those are the target IP IPs of a DDoS What kind of amplification factor does your DNS server have? I bet with the changes you’ve made, it’s super high. People are looking for DNS servers like that. Tom > On Dec 3, 2023, at 10:49 AM, John Levine wrote: >

Re: What are these Google IPs hammering on my DNS server?

2023-12-03 Thread Mike Hammett
- Original Message - From: "John Levine" To: nanog@nanog.org Sent: Sunday, December 3, 2023 12:48:11 PM Subject: What are these Google IPs hammering on my DNS server? At contacts.abuse.net, I have a little stunt DNS server that provides domain contact info, e

What are these Google IPs hammering on my DNS server?

2023-12-03 Thread John Levine
At contacts.abuse.net, I have a little stunt DNS server that provides domain contact info, e.g.: $ host -t txt comcast.net.contacts.abuse.net comcast.net.contacts.abuse.net descriptive text "ab...@comcast.net" $ host -t hinfo comcast.net.contacts.abuse.net comcast.net.contacts.abuse.net host inf