Has anyone else noticed dramatic increase in DNS requests?

general

I believe that there is an active DDOS going on using DNS against the US commerce dept.

I did have recursion disabled on all but one server, but on several on my DNS servers I noticed within the past few weeks a dramatic increase of queries for "DOC.GOV" "ANY" records. An increase of 6K/min requests for that record alone on each of the servers (many on linode, but some elsewhere.

The one server that had recursion (now disabled DOH!) had over 60GB of outgoing DNS traffic in 2 days. Outgoing traffic now back to normal, but the queries are still coming in to several of the servers.

3 Replies

forum:hoopycat 11 years ago

I would gander a guess that it wasn't against the Department of Commerce, but rather against the purported source addresses of the packets. This may very well be part of a massive DDoS recently.

forum:AGWA 11 years ago

Yes, I have noticed an increase. I've only seen queries for isc.org/ANY, which is a popular choice for DNS amplification attacks because the response is so large. doc.gov/ANY is even larger though. (It has lots of DNSSEC-related records, no doubt thanks to government's mandate to deploy DNSSEC.)

I don't allow recursion on any of my servers though so I don't know why the attackers are bothering with me.

forum:reaktor 11 years ago

My company has seen many DNS related DoS or DDoS attacks over the past week. (Not linode based)

Reply

Description

Please enter an answer

Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Compute

Storage

Databases

Networking

Developer Tools

Delivery

Security

Services

Industries

Pricing

Community

Engage With Us

Has anyone else noticed dramatic increase in DNS requests?

3 Replies

Reply

Tips: