Date: Mon, 1 Apr 2013 07:23:13 -0700
From: Michael Sierchio <kudzu@tenebras.com>
To: "Don O'Neil" <lists@lizardhill.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Problems with IPFW causing failed DNS and FTP sessions
Message-ID: <CAHu1Y714J5o2Xove%2BENJiSEojhdqA9gdTkjzXi5%2BJ1YO=NBK4g@mail.gmail.com>
In-Reply-To: <050001ce2eca$894d0240$9be706c0$@com>
References: <049d01ce2e89$c428ab80$4c7a0280$@com> <CAHu1Y70GrfKs9QQZDpm2rHXorEwWDebnd2=k5=LbVZLCdfzEJA@mail.gmail.com> <04ae01ce2e92$1283bf10$378b3d30$@com> <CAHu1Y70Y98ccp6_bRXmz8ZGnYVUFfgD4n=mXrRAgLaoh8Ya2Fg@mail.gmail.com> <050001ce2eca$894d0240$9be706c0$@com>
Okay, what's your DNS setup? Are you running a recursive cache that contacts the root servers directly? Using your ISP's servers? Etc. As a mitigation step, I tried pointing my caches to 8.8.8.8 and 8.8.4.4, but it turns out that Google is intentionally blocking (returning NX responses to) many netblocks right now because they contain hosts known to be part of the botnet in the DDoS DNS amplification attack. I'm mirroring the root zone everywhere I have a cache, and it's helping.