[ratelimits] error in amplification attack
Lyle Giese
lyle at lcrcomputer.net
Tue Nov 13 16:38:30 UTC 2012
I am seeing this in our logs now:
Nov 12 07:36:24 linux named[18188]: client 199.59.163.143#63663: view
external: query (cache) 'lcrcomputer/ANY/IN' denied
Nov 12 07:36:24 linux named[18188]: client 199.59.163.143#9119: view
external: query (cache) 'lcrcomputer/ANY/IN' denied
Nov 12 07:36:24 linux named[18188]: client 199.59.163.143#33665: view
external: query (cache) 'lylegiese/ANY/IN' denied
Nov 12 07:36:24 linux named[18188]: client 199.59.163.143#54595: view
external: query (cache) 'lcrcomputer/ANY/IN' denied
Nov 12 07:36:24 linux named[18188]: client 199.59.163.143#11802: view
external: query (cache) 'lcrcomputer/ANY/IN' denied
Nov 12 07:36:24 linux named[18188]: client 199.59.163.143#13852: view
external: query (cache) 'lcrcomputer/ANY/IN' denied
It would appear that they are missing the .<suffix>. I don't know what
reply my server gives back in this case. Would it be of any use to
apply rate limiting to this case also?
Thank,
Lyle Giese
LCR Computer Services, Inc.
More information about the ratelimits
mailing list