Has anyone else noticed dramatic increase in DNS requests?

Has anyone else noticed dramatic increase in DNS requests?

I believe that there is an active DDOS going on using DNS against the US commerce dept.

I did have recursion disabled on all but one server, but on several on my DNS servers I noticed within the past few weeks a dramatic increase of queries for "DOC.GOV" "ANY" records. An increase of 6K/min requests for that record alone on each of the servers (many on linode, but some elsewhere.

The one server that had recursion (now disabled DOH!) had over 60GB of outgoing DNS traffic in 2 days. Outgoing traffic now back to normal, but the queries are still coming in to several of the servers.

3 Replies

I would gander a guess that it wasn't against the Department of Commerce, but rather against the purported source addresses of the packets. This may very well be part of a massive DDoS recently.

Yes, I have noticed an increase. I've only seen queries for isc.org/ANY, which is a popular choice for DNS amplification attacks because the response is so large. doc.gov/ANY is even larger though. (It has lots of DNSSEC-related records, no doubt thanks to government's mandate to deploy DNSSEC.)

I don't allow recursion on any of my servers though so I don't know why the attackers are bothering with me.

My company has seen many DNS related DoS or DDoS attacks over the past week. (Not linode based)


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct