Dns-operations mailing list

[Dev Null <devnull AT pfm.io>]

Dnstop will show the queries but if your dump in the interface you won't see them being responded to

Sent from my iPhone

On Nov 25, 2015, at 1:48 PM, Abraão Caldas <abraaocaldas AT gmail.com> wrote:

Well iptables in place, but dnstop still showing these queries....

2015-11-25 14:40 GMT-04:00 Joshua <devnull AT pfm.io>:

Hello,

If you throw these in your IPtables(if your using them) they should drop it.

-A OUTPUT -o eth0 -p udp -m string --algo bm --hex-string "|07|hehehey|02|ru" -j DROP
-A OUTPUT -o eth0 -p udp -m string --algo bm --hex-string "|04|cspc|03|gov" -j DROP

> On Nov 25, 2015, at 1:29 PM, <abraaocaldas AT gmail.com> <abraaocaldas AT gmail.com> wrote:
>
> Hello guys, i´m the operator of ns1.idf.fr.dns.opennic.glue , i´m happy with
> my 100% uptime but now i´m facing a pretty heavy DoS, a lot of queries with
> this:
>
>
> Query Name          Count      %
> --------------- --------- ------
> cpsc.gov             4819   24.7
> hehehey.ru           2374   12.2
>
>
> more than 4800 queries in less than 30 seconds. I put in action all the
> configurations to prevent this, but it keep coming more and more...
> Any advice?
>
> ----
> To unsubscribe, email dns-operations-unsubscribe AT lists.opennicproject.org


----
To unsubscribe, email dns-operations-unsubscribe AT lists.opennicproject.org

----
To unsubscribe, email dns-operations-unsubscribe AT lists.opennicproject.org