On 10/27/12 09:05, Lyle Giese wrote:
On 10/27/12 08:43, Jeremy Chadwick wrote:
I know EasyDNS is anycasted, so some of this troubleshooting work doesn't narrow things down, but something is indeed going on.
Issue started roughly 2012/10/27 at 06:25 Pacific.
I'm guessing a DoS attack but that's speculative.
Stuff deleted....
From my DNS server logs, they are the subject of a DNS amplification attack.
Oct 27 08:54:02 linux named[18188]: limit REFUSED responses to 72.52.2.0/24 Oct 27 08:55:07 linux named[18188]: stop limiting error responses to 72.52.2.0/24 Oct 27 08:56:02 linux named[18188]: limit REFUSED responses to 72.52.2.0/24 Oct 27 08:57:02 linux named[18188]: stop limiting error responses to 72.52.2.0/24 Oct 27 08:58:02 linux named[18188]: limit REFUSED responses to 72.52.2.0/24 Oct 27 08:59:02 linux named[18188]: stop limiting error responses to 72.52.2.0/24 Oct 27 09:00:02 linux named[18188]: limit REFUSED responses to 72.52.2.0/24
Timestamps are CDT. My DNS servers have been an 'innocent victim' for about three weeks now and I installed the rate limit patches this morning to bind 9.8.4 from http://www.redbarn.org/ratelimits
Lyle Giese LCR Computer Services, Inc. They switched here to going after 67.228.102.243 already.
Lyle Giese LCR Computer Services, Inc.