[nycbug-talk] dns abuse
dan at langille.org
Thu Jan 22 11:41:36 EST 2009
Andy Kosela wrote:
> Yarema <yds at coolrat.org> wrote:
>> I was seeing the same sort of high load from
>> as Max originally reported. So since I'm not returning anything to the
>> "." query yet I am getting hit with repeated queries from the IPs above,
>> doesn't it stand to reason that my servers are the ones getting DDoSed
>> and not the other way around?
> Those source IPs are spoofed. Dan's link can be helpful:
> As I understand it, there is no "proper" way to fix it in BIND9.
FWIW, I was running a bind from base under FreeBSD 6.3. Upgrading to
bind in ports allowed that box to pass the test in question.
Other boxes, running 7.x, passed the test. I compared the named.conf
files from the various boxes. There was nothing significant in the
BSDCan - The Technical BSD Conference : http://www.bsdcan.org/
PGCon - The PostgreSQL Conference: http://www.pgcon.org/