[HamWAN PSDR] NetOps: Please disable recursive DNS on all routers
Nigel Vander Houwen
nigelvh at gmail.com
Sun Oct 13 07:41:35 PDT 2013
I'll be working on it this morning.
Nigel
On Oct 12, 2013, at 11:32 PM, Bart Kus wrote:
> Hi,
>
> HamWAN has been used as a DNS amplifier in a DDoS attack. I'm tied up with acquiring some chip fab gear the next couple days (yay!). Can I ask you guys with net ops access to go through the whole network and disable DNS service everywhere? Example of problem:
>
> eo at jo ~ $ dig @44.24.240.133 google.com. A +recurse
>
> ; <<>> DiG 9.9.2 <<>> @44.24.240.133 google.com. A +recurse
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65363
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;google.com. IN A
>
> ;; ANSWER SECTION:
> google.com. 300 IN A 173.194.33.70
> google.com. 300 IN A 173.194.33.66
> google.com. 300 IN A 173.194.33.69
> google.com. 300 IN A 173.194.33.65
> google.com. 300 IN A 173.194.33.68
> google.com. 300 IN A 173.194.33.72
> google.com. 300 IN A 173.194.33.73
> google.com. 300 IN A 173.194.33.64
> google.com. 300 IN A 173.194.33.71
> google.com. 300 IN A 173.194.33.67
> google.com. 300 IN A 173.194.33.78
>
> ;; Query time: 51 msec
> ;; SERVER: 44.24.240.133#53(44.24.240.133)
> ;; WHEN: Sat Oct 12 22:56:37 2013
> ;; MSG SIZE rcvd: 204
>
> PS: We gotta get some automation up in here for config control.
>
> --Bart
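The check that the dig run in the quoted message performs by hand can be scripted for a whole router list. The following is an added example, not part of the original thread or HamWAN's tooling: it sends one recursion-desired query per router and reads the RA flag and answer count from the reply header. The function names and the constructed sample reply (192.0.2.x addresses) are assumptions made for illustration.

```python
import socket
import struct
import sys

def build_query(name, qid=0x1234):
    """DNS A/IN query with the RD (recursion desired) bit set, no EDNS."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(reply):
    """Read the 12-byte DNS header; return (verdict, answer_count)."""
    if len(reply) < 12:
        return ("malformed", 0)
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if not flags & 0x8000:              # QR clear: not a response
        return ("malformed", 0)
    ra, rcode = bool(flags & 0x0080), flags & 0x000F
    # RA set, NOERROR and answers present: the box recursed for us.
    if ra and rcode == 0 and ancount > 0:
        return ("open-recursion", ancount)
    return ("no-recursion", ancount)

def probe(server, name="google.com", timeout=2.0):
    """Query server:53/udp once; returns (verdict, answers, reply/query size ratio)."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            reply, _ = s.recvfrom(4096)
        except OSError:                 # timeout or unreachable: DNS off or filtered
            return ("no-response", 0, 0.0)
    verdict, ancount = classify(reply)
    return (verdict, ancount, round(len(reply) / len(query), 1))

def constructed_reply(query, addrs):
    """Constructed sample reply (flags qr rd ra), shaped like the dig output above."""
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(addrs), 0, 0)
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
                   + socket.inet_aton(a) for a in addrs)
    return hdr + query[12:] + rrs

if __name__ == "__main__":
    for router in sys.argv[1:]:         # router addresses from your own inventory
        print(router, *probe(router))
```

A router is fixed when it reports `no-recursion` or `no-response` from outside the network. The constructed 11-record reply comes to 204 bytes against a 28-byte query, the same size as the `MSG SIZE rcvd: 204` in the quoted output.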