[nycbug-talk] dns abuse

Max Gribov max at neuropunks.org
Mon Jan 19 14:23:25 EST 2009


Hi all,
saw a huge spike in root zone ns queries on my servers starting this 
friday 16th
Heres a sample log:
19-Jan-2009 14:19:14.565 client 69.50.x.x#63328: query: . IN NS +
19-Jan-2009 14:19:15.689 client 76.9.x.x#35549: query: . IN NS +
19-Jan-2009 14:19:21.257 client 76.9.x.x#9389: query: . IN NS +

some machines query as often as 20-30 times a minute. No idea why this 
would be happening, doesnt look like legitimate traffic to me..
Is anyone else experiencing this?

If you're having same issue, you can do this in pf to throttle it a bit:
pass in quick on $ext inet proto udp from any to <server> port 53 keep 
state (max-src-states 1)





More information about the talk mailing list