[176175] in North American Network Operators' Group
Re: DNS Lookup - Filter "localhost"
daemon@ATHENA.MIT.EDU (Stephen Satchell)
Mon Nov 17 17:06:26 2014
X-Original-To: nanog@nanog.org
Date: Mon, 17 Nov 2014 14:06:17 -0800
From: Stephen Satchell <list@satchell.net>
To: "Radke, Justin" <jradke@canbytel.com>
In-Reply-To: <CA+GZS2be1UwOmVvaNYinForRxJ9qu=+ALcvf4uL4_TBLsRzevg@mail.gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On 11/17/2014 01:11 PM, Radke, Justin wrote:
> This past weekend we started receiving bursts of lookups on our DNS server
> for "localhost." We blocked our subscriber abusing this lookup (most
> assuredly malware and not intentional) but curious what safeguards you put
> in place for DOS attacks on your DNS servers.
>
> 1. As an ISP do you see a problem with blocking localhost on your DNS
> servers? (we don't see any validity to these requests but checking with you
> to see if we've overlooked something).
Not really
> 2. Do you have an actual localhost zone that issues 127.0.0.1?
Yes
> 3. Do you block >512 Bytes DNS requests?
No.
> 4. Do you block non-UDP DNS requests or rate-limit requests?
Yes
> 5. Anything else you block/filter on your DNS servers?
block/limit "any" queries
block/limit "root NS" queries
block anycast/broadcast source address packets
block fragmented packets
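The filters listed in this reply (bursts from a single client, "any" queries, root NS queries, and the "localhost." lookups that started the thread) can be checked for in a resolver's query log before or after a rate limit is turned on. The following is an added example, not part of Stephen Satchell's reply or any tool he describes: a small Python script that parses BIND 9 style query-log lines, tags the categories named above, and finds clients that exceed a per-second query threshold using a sliding window. The log lines, client addresses (192.0.2.0/24 documentation space) and the threshold of 5 queries per second are all constructed for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines in the BIND 9 query-log layout; none of this is real traffic.
# 192.0.2.10 sends a burst of "localhost" lookups, 192.0.2.77 sends an ANY and a
# root-NS query, and 192.0.2.50 is an ordinary subscriber.
SAMPLE_LOG = """\
17-Nov-2014 14:05:00.100 client 192.0.2.10#40001 (localhost): query: localhost IN A + (198.51.100.1)
17-Nov-2014 14:05:00.150 client 192.0.2.10#40002 (localhost): query: localhost IN A + (198.51.100.1)
17-Nov-2014 14:05:00.200 client 192.0.2.10#40003 (localhost): query: localhost IN A + (198.51.100.1)
17-Nov-2014 14:05:00.250 client 192.0.2.10#40004 (localhost): query: localhost IN A + (198.51.100.1)
17-Nov-2014 14:05:00.300 client 192.0.2.10#40005 (localhost): query: localhost IN A + (198.51.100.1)
17-Nov-2014 14:05:00.350 client 192.0.2.10#40006 (localhost): query: localhost IN A + (198.51.100.1)
17-Nov-2014 14:05:01.000 client 192.0.2.77#51000 (example.com): query: example.com IN ANY + (198.51.100.1)
17-Nov-2014 14:05:01.500 client 192.0.2.77#51001 (.): query: . IN NS + (198.51.100.1)
17-Nov-2014 14:05:02.000 client 192.0.2.50#60000 (www.example.net): query: www.example.net IN A + (198.51.100.1)
17-Nov-2014 14:05:09.000 client 192.0.2.50#60001 (mail.example.net): query: mail.example.net IN MX + (198.51.100.1)
"""

# Matches "<date> <time> client [@0x... ]<ip>#<port> (<name>): query: <qname> IN <qtype> ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ "
    r"\([^)]*\): query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def parse_query_log(text):
    """Turn query-log text into a list of dicts; lines that do not match are skipped."""
    queries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        queries.append({
            "ts": datetime.strptime(m.group("ts"), "%d-%b-%Y %H:%M:%S.%f"),
            "ip": m.group("ip"),
            "qname": m.group("qname"),
            "qtype": m.group("qtype").upper(),
        })
    return queries


def classify(q):
    """Return which filter category a query falls into, or None for an ordinary query."""
    name = q["qname"].lower()
    if name == "." and q["qtype"] == "NS":
        return "root-ns"          # "root NS" queries
    if q["qtype"] == "ANY":
        return "any"              # "any" queries
    if name.rstrip(".") == "localhost":
        return "localhost"        # the lookups that started the thread
    return None


def find_bursty_clients(queries, window_seconds=1.0, threshold=5):
    """Map client IP -> peak query count seen in any window of window_seconds,
    for clients whose peak reaches the threshold (a simple per-client rate limit check)."""
    by_client = defaultdict(list)
    for q in queries:
        by_client[q["ip"]].append(q["ts"])
    bursty = {}
    for ip, times in by_client.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            # Slide the window start forward until it is within window_seconds of t.
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            bursty[ip] = peak
    return bursty


def summarize(log_text, window_seconds=1.0, threshold=5):
    """Combine both checks into one report suitable for an alert or a daily review."""
    queries = parse_query_log(log_text)
    flagged = Counter(c for c in (classify(q) for q in queries) if c)
    return {
        "bursty": find_bursty_clients(queries, window_seconds, threshold),
        "flagged": dict(flagged),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Run against a real `querylog` file by passing its contents to `summarize()`; the window and threshold are deliberately arguments so they can be tuned to the resolver's normal per-subscriber rate before anything is blocked on the basis of the output.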