discuss AT lists.opennicproject.org
Subject: Discuss mailing list
[opennic-discuss] My T2 are banned from serveral financial-sector auth dns
- From: Lennart Seitz <mail AT lseitz.de>
- To: discuss AT lists.opennicproject.org
- Subject: [opennic-discuss] My T2 are banned from serveral financial-sector auth dns
- Date: Tue, 30 Jun 2020 15:59:07 +0200
Hi Discuss List!
Im new to the list so hopefully this is the right place for my question,
if not i apologize.
Apparently multiple finance-sector auth DNS banned my T2 servers from
recursion any of their hosted domains, i dont think their names are
important but they are independent from each other. All my servers are
using binds upstream rate-limit to not spam upstream auth servers to
much and also clients are rate limited and the traffic level of the
servers is minor (~peak round about 10 mbit).
Has anybody experienced something like this? It wonders me that both
come from financial sector, i have not experienced anything like that
yet and both servers are running for quite some time now.
I tried to contact them but only got "your system is detected as a
thread, no details can be shared". My best guess would be that the
servers were used for DNS-AMP attacks towards their servers, but the
rate limit kicks in quite fast and the traffic towards one upstream
server never exceeds 6-8 mbit, and that only for like 1 second, banning
for that seems unreasonable to me.
May i ask (if you are using bind9) what kind of values for
fetches-per-server and fetch-quota-params are reasonable for a T2?
Also any other input is highly appreciated.
Mit freundlichen Grüßen,
PGP-Schlüssel: 0x187abd76a5660379 (https://pgp.lseitz.de/key.asc)
- [opennic-discuss] My T2 are banned from serveral financial-sector auth dns, Lennart Seitz, 06/30/2020
Archive powered by MHonArc 2.6.19.