ant: awyeah: this log entry doesn't look like a ddos attack on you. someone is sending you a query (which is small), hoping that your dns server is sending back a reply to the (probably spoofed, to point to the victim) source address. but your server is denying the request, so there's no amplification
awyeah: i also get those queries a lot (and also for other domains). have you considered implementing response rate limiting, so you don't reply to every request?
awyeah: (not saying that you aren't actually ddos'd, but that doesn't look like it's part of the ddos)
***: ziyourenxiang has joined #arpnetworks
awyeah: ant: I am getting thousands of them per minute
And that particular domain has a large zone associated with it.
But anyway, it's denying the requests anyway, since I'm not running a recursive server.
So maybe at some point they'll get the message ;)
***: sjackso_ has joined #arpnetworks
MeltedLux_ has joined #arpnetworks
MeltedLux has quit IRC (*.net *.split)
sjackso has quit IRC (*.net *.split)
tellnes has quit IRC (*.net *.split)
up_the_irons has quit IRC (*.net *.split)
up_the_irons has joined #arpnetworks
orwell.freenode.net sets mode: +o up_the_irons
qbit[m] has quit IRC (Ping timeout: 240 seconds)
tellnes has joined #arpnetworks
qbit[m] has joined #arpnetworks
qbit[m] is now known as Guest22568
dne has quit IRC (Remote host closed the connection)
dne has joined #arpnetworks
r0ni has quit IRC (Quit: Textual IRC Client: www.textualapp.com)
eryc has quit IRC (Remote host closed the connection)
eryc has joined #arpnetworks
ziyourenxiang has quit IRC (Ping timeout: 246 seconds)
up_the_irons has quit IRC (*.net *.split)
up_the_irons has joined #arpnetworks
ChanServ sets mode: +o up_the_irons