Date: Mon, 16 Jan 2006 20:34:20 -0700
From: Steve Suhre <cheesiest@nano.net>
To: Matt Emmerton <matt@gsicomp.on.ca>
Cc: freebsd-hackers@freebsd.org
Subject: Re: Named requests filling up T1
Message-ID: <43CC65BC.9040005@nano.net>
In-Reply-To: <015901c61b15$898648a0$1200a8c0@gsicomp.on.ca>
References: <43CC59E7.6080505@nano.net> <015901c61b15$898648a0$1200a8c0@gsicomp.on.ca>

>Looks like someone is spamming your DNS server with queries.
>
>Two questions:
>1) Is v.tn.co.za a domain that you are authoritative for?
>2) Are you an ISP and/or is client 64.18.133.103 authorized to use your DNS
>server?
>
>If the answer to 1) is NO, then there's no reason for these queries to be
>directed to your DNS server from the Internet.
>If the answer to 2) is NO, then there's no reason for these queries to be
>directed to your DNS server from the Internet.
>
>Source IP filtering is likely your best option, although it doesn't help
>with your T1 saturation, although it would give whoever is blasting these
>queries a clue.
>
>--
>Matt Emmerton
>

Thanks Matt,

The answer to both is no. The domain doesn't resolve either (v.tn.co.za).
It looks like the source IP changes too...sigh.... I tried a whois on the
source IP and it was not found, so it may be spoofed? Or someone has a
very messed up server...

--
Steve Suhre
steve@pasta.net
719.439.6052 Cell
719.632.2897 Home