[HamWAN PSDR] NetOps: Please disable recursive DNS on all routers

Nigel Vander Houwen nigelvh at gmail.com
Wed Oct 16 23:11:38 PDT 2013 

Yes. DNS was disabled in the firewall at the edge router, as well as all modems and routers at the sites had remote DNS queries disabled.

Nigel

On Oct 16, 2013, at 11:05 PM, Bart Kus wrote:

> I didn't notice during my San Jose trip...did all the DNS services get shut down as expected?
> 
> --Bart
> 
> 
> On 10/13/2013 7:41 AM, Nigel Vander Houwen wrote:
>> I'll be working on it this morning.
>> 
>> Nigel
>> 
>> On Oct 12, 2013, at 11:32 PM, Bart Kus wrote:
>> 
>>> Hi,
>>> 
>>> HamWAN has been used as a DNS amplifier in a DDoS attack.  I'm tied up with acquiring some chip fab gear the next couple days (yay!). Can I ask you guys with net ops access to go through the whole network and disable DNS service everywhere?  Example of problem:
>>> 
>>> eo at jo ~ $ dig @44.24.240.133 google.com. A +recurse
>>> 
>>> ; <<>> DiG 9.9.2 <<>> @44.24.240.133 google.com. A +recurse
>>> ; (1 server found)
>>> ;; global options: +cmd
>>> ;; Got answer:
>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65363
>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0
>>> 
>>> ;; QUESTION SECTION:
>>> ;google.com.                    IN      A
>>> 
>>> ;; ANSWER SECTION:
>>> google.com.             300     IN      A 173.194.33.70
>>> google.com.             300     IN      A 173.194.33.66
>>> google.com.             300     IN      A 173.194.33.69
>>> google.com.             300     IN      A 173.194.33.65
>>> google.com.             300     IN      A 173.194.33.68
>>> google.com.             300     IN      A 173.194.33.72
>>> google.com.             300     IN      A 173.194.33.73
>>> google.com.             300     IN      A 173.194.33.64
>>> google.com.             300     IN      A 173.194.33.71
>>> google.com.             300     IN      A 173.194.33.67
>>> google.com.             300     IN      A 173.194.33.78
>>> 
>>> ;; Query time: 51 msec
>>> ;; SERVER: 44.24.240.133#53(44.24.240.133)
>>> ;; WHEN: Sat Oct 12 22:56:37 2013
>>> ;; MSG SIZE  rcvd: 204
>>> 
>>> PS: We gotta get some automation up in here for config control.
>>> 
>>> --Bart
>>> 
>>> 
>>> _______________________________________________
>>> PSDR mailing list
>>> PSDR at hamwan.org
>>> http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
>> 
>> _______________________________________________
>> PSDR mailing list
>> PSDR at hamwan.org
>> http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
> 
> 
> _______________________________________________
> PSDR mailing list
> PSDR at hamwan.org
> http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org

More information about the PSDR mailing list