[143113] in North American Network Operators' Group
Re: DNS DoS ???
daemon@ATHENA.MIT.EDU (Thomas York)
Fri Jul 29 16:27:22 2011
Date: Fri, 29 Jul 2011 16:25:42 -0400
From: Thomas York <straterra@fuhell.com>
To: Elliot Finley <efinley.lists@gmail.com>
In-Reply-To: <CACRGtSOSPm12YE3S=n801ooun32VrXsRfP7yqO55kcHMSnss9A@mail.gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
This is a cryptographically signed message in MIME format.
--------------ms040101020905010405020502
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
I see this all the time on my personal servers. I finally just told bind =
to stop logging it.
On 07/29/2011 02:51 PM, Elliot Finley wrote:
> my DNS servers were getting slow so I blocked recursive queries for
> all but my own network.
>
> Then I was getting so many of these:
>
> ns2 named[5056]: client 78.159.111.190#25345: query (cache)
> 'isc.org/ANY/IN' denied
>
> that is was still slowing things down. I've since written a script to
> watch the log and throw these into the box local firewall. If I
> expire the entries after 24 hours then I accumulate about 10200 unique
> IPs. If I expire after 48 hours, then it's just over 20000 unique
> IPs.
>
> Is anyone else seeing this?
>
> Elliot
>
--------------ms040101020905010405020502
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIITeDCC
BjQwggQcoAMCAQICAR4wDQYJKoZIhvcNAQEFBQAwfTELMAkGA1UEBhMCSUwxFjAUBgNVBAoT
DVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNp
Z25pbmcxKTAnBgNVBAMTIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3
MTAyNDIxMDE1NVoXDTE3MTAyNDIxMDE1NVowgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1T
dGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWdu
aW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENs
aWVudCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMcJg8zOLdgasSmkLhOr
lr6KMoOMpohBllVHrdRvEg/q6r8jR+EK75xCGhR8ToREoqe7zM9/UnC6TS2y9UKTpT1v7RSM
zR0t6ndl0TWBuUr/UXBhPk+Kmy7bI4yW4urC+y7P3/1/X7U8ocb8VpH/Clt+4iq7nirMcNh6
qJR+xjOhV+VHzQMALuGYn5KZmc1NbJQYclsGkDxDz2UbFqE2+6vIZoL+jb9x4Pa5gNf1TwSD
kOkikZB1xtB4ZqtXThaABSONdfmv/Z1pua3FYxnCFmdr/+N2JLKutIxMYqQOJebr/f/h5t95
m4JgrM3Y/w7YX9d7YAL9jvN4SydHsU6n65cCAwEAAaOCAa0wggGpMA8GA1UdEwEB/wQFMAMB
Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRTcu2SnODaywFcfH6WNU7y1LhRgjAfBgNV
HSMEGDAWgBROC+8apEBbpRdphzDKNGhD0EGu8jBmBggrBgEFBQcBAQRaMFgwJwYIKwYBBQUH
MAGGG2h0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9jYTAtBggrBgEFBQcwAoYhaHR0cDovL3d3
dy5zdGFydHNzbC5jb20vc2ZzY2EuY3J0MFsGA1UdHwRUMFIwJ6AloCOGIWh0dHA6Ly93d3cu
c3RhcnRzc2wuY29tL3Nmc2NhLmNybDAnoCWgI4YhaHR0cDovL2NybC5zdGFydHNzbC5jb20v
c2ZzY2EuY3JsMIGABgNVHSAEeTB3MHUGCysGAQQBgbU3AQIBMGYwLgYIKwYBBQUHAgEWImh0
dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93
d3cuc3RhcnRzc2wuY29tL2ludGVybWVkaWF0ZS5wZGYwDQYJKoZIhvcNAQEFBQADggIBAAqD
CH14qywGXLhjjF6uHLkjd02hcdh9hrw+VUsv+q1eeQWB21jWj3kJ96AUlPCoEGZ/ynJNScWy
6QMVQjbbMXltUfO4n4bGGdKo3awPWp61tjAFgraLJgDk+DsSvUD6EowjMTNx25GQgyYJ5RPI
zKKR9tQW8gGK+2+RHxkUCTbYFnL6kl8Ch507rUdPPipJ9CgJFws3kDS3gOS5WFMxcjO5DwKf
KSETEPrHh7p5shuuNktvsv6hxHTLhiMKX893gxdT3XLS9OKmCv87vkINQcNEcIIoFWbP9HOR
z9v3vQwR4e3ksLc2JZOAFK+ssS5XMEoznzpihEP0PLc4dCBYjbvSD7kxgDwZ+Aj8Q9PkbvE9
sIPP7ON0fz095HdThKjiVJe6vofq+n6b1NBc8XdrQvBmunwxD5nvtTW4vtN6VY7mUCmxsCie
uoBJ9OlqmsVWQvifIYf40dJPZkk9YgGTzWLpXDSfLSplbY2LL9C9U0ptvjcDjefLTvqSFc7t
w1sEhF0n/qpA2r0GpvkLRDmcSwVyPvmjFBGqUp/pNy8ZuPGQmHwFi2/14+xeSUDG2bwnsYJQ
G2EdJCB6luQ57GEnTA/yKZSTKI8dDQa8Sd3zfXb19mOgSF0bBdXbuKhEpuP9wirslFe6fQ1t
5j5R0xi72MZ8ikMu1RQZKCyDbMwazlHiMIIGnDCCBYSgAwIBAgIDAgjpMA0GCSqGSIb3DQEB
BQUAMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20g
Q2xhc3MgMSBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0EwHhcNMTEwMTEyMDAzMDA4
WhcNMTIwMTEyMjEwODUxWjCBkjEgMB4GA1UEDRMXMzMxOTczLU1DOEVyYWtreTV3VlE3NDMx
HjAcBgNVBAoTFVBlcnNvbmEgTm90IFZhbGlkYXRlZDEpMCcGA1UEAxMgU3RhcnRDb20gRnJl
ZSBDZXJ0aWZpY2F0ZSBNZW1iZXIxIzAhBgkqhkiG9w0BCQEWFHN0cmF0ZXJyYUBmdWhlbGwu
Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArffRewKjVLvmUgMG7pnP4XNL
J6qdLdGpPrV+DzAoGoGGhzS/eX7UDQFy4Qf9hd1p+BBDor7Agv6GSikIwp0u19YuNjfi5aGV
nCT5fTGLcH96OxgssUTkXDy0RF7v3ahdztxIEWL8usYWUIfZVjM+Z/z/AgkfTaC1fluM49UE
ZEFaXPbcge82+5epFkzbt2q3B7ZT55Kh+eFd53/UR5QT4abEOynGpOwpIgxzyhrx07pxwqP6
wRQD/FX2WLRSVYapLuiffUPGlBV/qhCiqYC0Tuny1APHr+B87k+eUBXOuthyj52RrocCwPNu
h0CFiSaoKzu8I9UCBeg8R0q9DO/QzQIDAQABo4IC/TCCAvkwCQYDVR0TBAIwADALBgNVHQ8E
BAMCBLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBRKF93qPNHV
apD/eQiqEGNOJ2YNqjAfBgNVHSMEGDAWgBRTcu2SnODaywFcfH6WNU7y1LhRgjAfBgNVHREE
GDAWgRRzdHJhdGVycmFAZnVoZWxsLmNvbTCCAUIGA1UdIASCATkwggE1MIIBMQYLKwYBBAGB
tTcBAgIwggEgMC4GCCsGAQUFBwIBFiJodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3ku
cGRmMDQGCCsGAQUFBwIBFihodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9pbnRlcm1lZGlhdGUu
cGRmMIG3BggrBgEFBQcCAjCBqjAUFg1TdGFydENvbSBMdGQuMAMCAQEagZFMaW1pdGVkIExp
YWJpbGl0eSwgc2VlIHNlY3Rpb24gKkxlZ2FsIExpbWl0YXRpb25zKiBvZiB0aGUgU3RhcnRD
b20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUG9saWN5IGF2YWlsYWJsZSBhdCBodHRwOi8v
d3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kucGRmMGMGA1UdHwRcMFowK6ApoCeGJWh0dHA6Ly93
d3cuc3RhcnRzc2wuY29tL2NydHUxLWNybC5jcmwwK6ApoCeGJWh0dHA6Ly9jcmwuc3RhcnRz
c2wuY29tL2NydHUxLWNybC5jcmwwgY4GCCsGAQUFBwEBBIGBMH8wOQYIKwYBBQUHMAGGLWh0
dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9zdWIvY2xhc3MxL2NsaWVudC9jYTBCBggrBgEFBQcw
AoY2aHR0cDovL3d3dy5zdGFydHNzbC5jb20vY2VydHMvc3ViLmNsYXNzMS5jbGllbnQuY2Eu
Y3J0MCMGA1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tLzANBgkqhkiG9w0BAQUF
AAOCAQEAUAS4842Grtrb0sliylFK1hvu77XVQg30yW3QMDUqybSFOHGSvdKzzo3t/cBg7IqE
ozE1QEpiV5n5GDNaFf2SLA6WuvJRqStXmAGQiNDGUwYg8t/655FObVu4/7eZofguuR4wLVrQ
Nut8hFNsfPW6neDgeh+XXpNVx4cQS3xCGfZ64zIJk2VXlmWNWzg4syM1nVixlPw0elmr1ZH1
PXkNtlddytqSkGeRihmUjPgczDqXTiaf4qabrIVoa+1IhqUTB+EINbK1GzLHOHp3lPoBgSnm
9pWa0okpZOZvgMqpp95y8f+mAEQLjeSnt0bcw1uVERi45knZ2mppUAdmaW252jCCBpwwggWE
oAMCAQICAwII6TANBgkqhkiG9w0BAQUFADCBjDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0
YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25p
bmcxODA2BgNVBAMTL1N0YXJ0Q29tIENsYXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlhdGUgQ2xp
ZW50IENBMB4XDTExMDExMjAwMzAwOFoXDTEyMDExMjIxMDg1MVowgZIxIDAeBgNVBA0TFzMz
MTk3My1NQzhFcmFra3k1d1ZRNzQzMR4wHAYDVQQKExVQZXJzb25hIE5vdCBWYWxpZGF0ZWQx
KTAnBgNVBAMTIFN0YXJ0Q29tIEZyZWUgQ2VydGlmaWNhdGUgTWVtYmVyMSMwIQYJKoZIhvcN
AQkBFhRzdHJhdGVycmFAZnVoZWxsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK330XsCo1S75lIDBu6Zz+FzSyeqnS3RqT61fg8wKBqBhoc0v3l+1A0BcuEH/YXdafgQ
Q6K+wIL+hkopCMKdLtfWLjY34uWhlZwk+X0xi3B/ejsYLLFE5Fw8tERe792oXc7cSBFi/LrG
FlCH2VYzPmf8/wIJH02gtX5bjOPVBGRBWlz23IHvNvuXqRZM27dqtwe2U+eSofnhXed/1EeU
E+GmxDspxqTsKSIMc8oa8dO6ccKj+sEUA/xV9li0UlWGqS7on31DxpQVf6oQoqmAtE7p8tQD
x6/gfO5PnlAVzrrYco+dka6HAsDzbodAhYkmqCs7vCPVAgXoPEdKvQzv0M0CAwEAAaOCAv0w
ggL5MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEF
BQcDBDAdBgNVHQ4EFgQUShfd6jzR1WqQ/3kIqhBjTidmDaowHwYDVR0jBBgwFoAUU3Ltkpzg
2ssBXHx+ljVO8tS4UYIwHwYDVR0RBBgwFoEUc3RyYXRlcnJhQGZ1aGVsbC5jb20wggFCBgNV
HSAEggE5MIIBNTCCATEGCysGAQQBgbU3AQICMIIBIDAuBggrBgEFBQcCARYiaHR0cDovL3d3
dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjA0BggrBgEFBQcCARYoaHR0cDovL3d3dy5zdGFy
dHNzbC5jb20vaW50ZXJtZWRpYXRlLnBkZjCBtwYIKwYBBQUHAgIwgaowFBYNU3RhcnRDb20g
THRkLjADAgEBGoGRTGltaXRlZCBMaWFiaWxpdHksIHNlZSBzZWN0aW9uICpMZWdhbCBMaW1p
dGF0aW9ucyogb2YgdGhlIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGlj
eSBhdmFpbGFibGUgYXQgaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjBjBgNV
HR8EXDBaMCugKaAnhiVodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9jcnR1MS1jcmwuY3JsMCug
KaAnhiVodHRwOi8vY3JsLnN0YXJ0c3NsLmNvbS9jcnR1MS1jcmwuY3JsMIGOBggrBgEFBQcB
AQSBgTB/MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcC5zdGFydHNzbC5jb20vc3ViL2NsYXNz
MS9jbGllbnQvY2EwQgYIKwYBBQUHMAKGNmh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL2NlcnRz
L3N1Yi5jbGFzczEuY2xpZW50LmNhLmNydDAjBgNVHRIEHDAahhhodHRwOi8vd3d3LnN0YXJ0
c3NsLmNvbS8wDQYJKoZIhvcNAQEFBQADggEBAFAEuPONhq7a29LJYspRStYb7u+11UIN9Mlt
0DA1Ksm0hThxkr3Ss86N7f3AYOyKhKMxNUBKYleZ+RgzWhX9kiwOlrryUakrV5gBkIjQxlMG
IPLf+ueRTm1buP+3maH4LrkeMC1a0DbrfIRTbHz1up3g4Hofl16TVceHEEt8Qhn2euMyCZNl
V5ZljVs4OLMjNZ1YsZT8NHpZq9WR9T15DbZXXcrakpBnkYoZlIz4HMw6l04mn+Kmm6yFaGvt
SIalEwfhCDWytRsyxzh6d5T6AYEp5vaVmtKJKWTmb4DKqafecvH/pgBEC43kp7dG3MNblREY
uOZJ2dpqaVAHZmltudoxggPQMIIDzAIBATCBlDCBjDELMAkGA1UEBhMCSUwxFjAUBgNVBAoT
DVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNp
Z25pbmcxODA2BgNVBAMTL1N0YXJ0Q29tIENsYXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlhdGUg
Q2xpZW50IENBAgMCCOkwCQYFKw4DAhoFAKCCAhAwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEH
ATAcBgkqhkiG9w0BCQUxDxcNMTEwNzI5MjAyNTQyWjAjBgkqhkiG9w0BCQQxFgQUWc5rg3uu
wA299LVSQoYhyOY/InwwXwYJKoZIhvcNAQkPMVIwUDALBglghkgBZQMEAQIwCgYIKoZIhvcN
AwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMC
AgEoMIGlBgkrBgEEAYI3EAQxgZcwgZQwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFy
dENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5n
MTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVu
dCBDQQIDAgjpMIGnBgsqhkiG9w0BCRACCzGBl6CBlDCBjDELMAkGA1UEBhMCSUwxFjAUBgNV
BAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRl
IFNpZ25pbmcxODA2BgNVBAMTL1N0YXJ0Q29tIENsYXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlh
dGUgQ2xpZW50IENBAgMCCOkwDQYJKoZIhvcNAQEBBQAEggEAMokriMRxwhH+t6ZmaQ18fRO6
ydiONO/0zYpRRxaobkfB2Tbuvk4fvDysKjZcv1v/9W6fdkKk4vQvnWdml/+/4wzeMPWZtpML
/Y3fpp1rE9yIvmYpiEFiXI/ciu0RG5h19IWL803f4JdR069i3zVGm/21GZmxWMyfJ3rppwRf
Ikkiw9b1cOzTLrB4/G+wvYIoqxsfR61wZtcX9J+RvIUAohxgceUtN6fodckNcX4UyKRxloTA
8jZtcKJKRLvrnXQVrbGAqBofVEVBbTyuGYPdLrlsMBsddD+ApGgMvs3GJZSD4DkLBRVKH3Az
Q95MmWjZ4D+9ZyHOvytLoWLy50DqogAAAAAAAA==
--------------ms040101020905010405020502--
