North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: DOS attack against DNS?
Last saturday one of our Web server experienced a TCP SYN attck which make the system down for four hours. It seems there is not a good solution which could detect & defend DoS traffic at any time. So, to the class ANY queries, should we only filtering out class any queries on public cache servers ? To my understandings, the amplifying result could also be reached by query type any. Joe --- Alon Tirosh <[email protected]> wrote: > Admitted, i did not notice the type/class > difference. I responded as a knee > jerk reaction, and that is my mistake. > > For the second part, the any query type is useful > (when targeted at either > your NS and/or public NS servers) to quickly alert > to issues such as the one > being discussed with GoDaddy and Nectartech right > now on this list. > > Pick and/or set up an NS server that is TTL agnostic > (flameArmor: this > system is to be used for disparate up-to-date checks > only, and I know by > spec this is far from foolproof but its saved my ass > a couple times in the > past) and checks disparate roots and its useful for > finding or alerting to > major name system, registrar ,and provider issues > quickly. > > Im diverging off-topic, im sure. gnight. > > On 1/17/06, william(at)elan.net <[email protected]> > wrote: > > > > > > Did you notice that it was class "ANY" and not > type "ANY" that Paul noted? > > I've never ever heard of it being used > anywhere.... > > > > As for ANY query type, what do you think will > happen when you query with > > "ANY" to a host in a domain that is not in your > local dns server cache? > > And btw if it is in your dns cache, how > predictable do you think such > > results are going to be??? > > > > On Tue, 17 Jan 2006, Alon Tirosh wrote: > > > > > Not true,. the ANY query has mutliple uses for > consolidating multiple > > > diagnostic queries into a single display, and > also for diversion > > monitoring > > > systems on small domains or groups of same. Not > all of us have the > > resources > > > (or time) of large ISPs behind us. > > > > > > On 15 Jan 2006 17:27:40 +0000, Paul Vixie > <[email protected]> wrote: > > >> > > >>> client xx.xx.xx.xx#6704: query: z.tn.co.za ANY > ANY +E > > >> > > >> class "ANY" has no purpose in the real world, > not even for > > debugging. if > > >> you see it in a query, you can assume malicious > intent. if you hear it > > in > > >> a query, you can safely ignore that query, or > at best, map it to class > > >> "IN". > > >> -- > > >> Paul Vixie > > > __________________________________ Do you Yahoo!? New and Improved Yahoo! Mail - 1GB free storage! http://sg.whatsnew.mail.yahoo.com
|