[HamWAN PSDR] NetOps: Please disable recursive DNS on all routers
Bart Kus
me at bartk.us
Wed Oct 16 23:05:53 PDT 2013
I didn't notice during my San Jose trip...did all the DNS services get
shut down as expected?
--Bart
On 10/13/2013 7:41 AM, Nigel Vander Houwen wrote:
> I'll be working on it this morning.
>
> Nigel
>
> On Oct 12, 2013, at 11:32 PM, Bart Kus wrote:
>
>> Hi,
>>
>> HamWAN has been used as a DNS amplifier in a DDoS attack. I'm tied up with acquiring some chip fab gear the next couple days (yay!). Can I ask you guys with net ops access to go through the whole network and disable DNS service everywhere? Example of problem:
>>
>> eo at jo ~ $ dig @44.24.240.133 google.com. A +recurse
>>
>> ; <<>> DiG 9.9.2 <<>> @44.24.240.133 google.com. A +recurse
>> ; (1 server found)
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65363
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;google.com. IN A
>>
>> ;; ANSWER SECTION:
>> google.com. 300 IN A 173.194.33.70
>> google.com. 300 IN A 173.194.33.66
>> google.com. 300 IN A 173.194.33.69
>> google.com. 300 IN A 173.194.33.65
>> google.com. 300 IN A 173.194.33.68
>> google.com. 300 IN A 173.194.33.72
>> google.com. 300 IN A 173.194.33.73
>> google.com. 300 IN A 173.194.33.64
>> google.com. 300 IN A 173.194.33.71
>> google.com. 300 IN A 173.194.33.67
>> google.com. 300 IN A 173.194.33.78
>>
>> ;; Query time: 51 msec
>> ;; SERVER: 44.24.240.133#53(44.24.240.133)
>> ;; WHEN: Sat Oct 12 22:56:37 2013
>> ;; MSG SIZE rcvd: 204
>>
>> PS: We gotta get some automation up in here for config control.
>>
>> --Bart
>>
>>
>> _______________________________________________
>> PSDR mailing list
>> PSDR at hamwan.org
>> http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
>
> _______________________________________________
> PSDR mailing list
> PSDR at hamwan.org
> http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
More information about the PSDR
mailing list