[88012] in North American Network Operators' Group
Re: DOS attack against DNS?
daemon@ATHENA.MIT.EDU (Paul Vixie)
Tue Jan 17 14:21:32 2006
From: Paul Vixie <paul@vix.com>
To: nanog@merit.edu
In-Reply-To: Your message of "Wed, 18 Jan 2006 01:00:36 +0800."
<20060117170036.52239.qmail@web53610.mail.yahoo.com>
Date: Tue, 17 Jan 2006 19:21:03 +0000
Errors-To: owner-nanog@merit.edu
# Last saturday one of our Web server experienced a TCP SYN attck which make
# the system down for four hours. It seems there is not a good solution which
# could detect & defend DoS traffic at any time.
by definition, there will never be a single defense against all attacks.
# So, to the class ANY queries, should we only filtering out class any queries
# on public cache servers ?
if you're seeing them and they're hurting you, yes. or if you're willing to
undure the configuration pain of always dropping them (see marka's recent mail
on "view" statements for this purpose), then yes.
# To my understandings, the amplifying result could also be reached by query
# type any.
that's not my understanding. you're more likely to be hurt by a peer's lack
of BCP38 conformance than by all the type=ANY queries you'll ever hear in DNS.
