
discuss - Re: [opennic-discuss] DDOS blocking

  • From: "Aaron J. Angel" <thatoneguy AT>
  • To: discuss AT
  • Subject: Re: [opennic-discuss] DDOS blocking
  • Date: Wed, 03 Apr 2013 10:25:29 -0400

On 04/03/2013 09:52 AM, Jeff Taylor wrote:
> I'm also not sure about the +E, but take a look at the tcpdump section

Recursion requested (+). EDNS0 enabled (E); that is, large DNS messages.

> I'm starting to wonder if we should make it a policy to drop all ANY
> requests? It seems that is the key factor behind all of these attacks,
> and other than the servers talking between themselves, I don't know of
> any use a client would have for such a query.

This doesn't resolve the problem; it just covers up a portion of it.

On 04/02/2013 11:53 PM, kennytaylor AT wrote:
> I'm not entirely sure offhand what that query is asking for.

The query (. IN ANY) is requesting all records for the root zone. As you can imagine, that's a fairly hefty request to be made that often. Likely the result of the previous request ( ANY ANY) being blocked by name servers claiming authority for, then serving no results. (Apparently, that domain had a rather large TXT record.)
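
Added example, not part of the original message or of any OpenNIC tooling: a small Python parser that reads query-log lines carrying the `. IN ANY` query and `+E` flags discussed above and counts such queries per logged client, as a basis for rate limiting instead of dropping all ANY requests. It assumes BIND-style query-log lines; the sample lines, addresses, threshold and function names are constructed for illustration, and the `T` (TCP) flag is taken from BIND's log format rather than from the thread.

```python
import re
from collections import Counter

# Constructed sample lines in BIND-style query-log format (an assumption; the
# addresses are documentation ranges, not data from the thread).
SAMPLE_LOG = """\
client 198.51.100.7#4444: query: . IN ANY +E (192.0.2.53)
client 198.51.100.7#4445: query: . IN ANY +E (192.0.2.53)
client 198.51.100.7#4446: query: . IN ANY +E (192.0.2.53)
client 203.0.113.9#5353: query: www.example.org IN A + (192.0.2.53)
client 203.0.113.20#6000: query: example.org IN ANY +T (192.0.2.53)
client 203.0.113.9#5354: query: example.org IN MX +ED (192.0.2.53)
"""

LINE_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?: query: "
    r"(?P<name>\S+) (?P<cls>\S+) (?P<qtype>\S+) (?P<flags>[+-]\S*)"
)

def parse_line(line):
    """Return the query fields of one log line, or None if it is not a query."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    flags = m["flags"]
    return {
        "ip": m["ip"], "name": m["name"], "qtype": m["qtype"],
        "recursion": flags.startswith("+"),  # '+' = recursion requested
        "edns": "E" in flags,                # 'E' = EDNS0, large replies allowed
        "tcp": "T" in flags,                 # 'T' = query arrived over TCP
    }

def any_query_sources(log_text, threshold=3):
    """Count UDP ANY queries with recursion and EDNS0 per logged client address."""
    counts = Counter()
    for line in log_text.splitlines():
        q = parse_line(line)
        if q and q["qtype"] == "ANY" and q["recursion"] and q["edns"] and not q["tcp"]:
            counts[q["ip"]] += 1
    # With spoofed UDP sources the logged address is the reflection target,
    # so a hit is a candidate for rate limiting rather than proof of the sender.
    return {ip: n for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    print(any_query_sources(SAMPLE_LOG))
```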
