[nycbug-talk] dns abuse
Max Gribov
max at neuropunks.org
Mon Jan 19 14:23:25 EST 2009
Hi all,
saw a huge spike in root zone ns queries on my servers starting this
friday 16th
Heres a sample log:
19-Jan-2009 14:19:14.565 client 69.50.x.x#63328: query: . IN NS +
19-Jan-2009 14:19:15.689 client 76.9.x.x#35549: query: . IN NS +
19-Jan-2009 14:19:21.257 client 76.9.x.x#9389: query: . IN NS +
some machines query as often as 20-30 times a minute. No idea why this
would be happening, doesnt look like legitimate traffic to me..
Is anyone else experiencing this?
If you're having same issue, you can do this in pf to throttle it a bit:
pass in quick on $ext inet proto udp from any to <server> port 53 keep
state (max-src-states 1)
More information about the talk
mailing list