Ongoing DNS Server DoS Attack

Over the past few days we’ve seen a massive increase in both the number and volume of DNS Amplification Attacks using our recursive name servers. This is likely because our new name servers provide more verbose answers and therefore amplify traffic more effectively than our old servers. We unfortunately had to roll back blocking off-net use of our recursive servers, and blocking these requests entirely is not an option at this time. To mitigate the effects of the attacks both on our systems and their targets, we’ve instituted rate limits on the total number of queries per second any given IP address is able to source to our servers. The rate limits are high enough that they should not interfere with any normal (and acceptable) use. However, it is possible that a customer doing bulk DNS lookups (such as log processing or running a busy mail server) may run into issues and experience intermittent delays resolving host names.

-Kelsey, Augie and Nathan
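
The per-source limit described above, modelled as a token bucket in an added example (not the operators' actual configuration or code). The 100 queries/second rate, the 200-query burst, the traffic mix and the documentation-range addresses are all assumed values.

```python
import collections

class PerSourceLimiter:
    """Token bucket per source IP: `rate` queries/second sustained, `burst` capacity."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        self.buckets = {}  # ip -> (tokens, time of last query)

    def allow(self, ip, now):
        tokens, last = self.buckets.get(ip, (self.burst, now))
        # Refill for the time elapsed since this source's last query, capped at burst.
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self.buckets[ip] = (tokens - 1.0, now)
            return True
        self.buckets[ip] = (tokens, now)
        return False  # over the limit: the query is not answered


def simulate(limiter, sources, seconds):
    """sources maps ip -> evenly spaced queries/second. Returns ip -> (answered, dropped)."""
    events = []
    for ip, qps in sources.items():
        for i in range(qps * seconds):
            events.append((i / qps, ip))
    events.sort()
    stats = collections.defaultdict(lambda: [0, 0])
    for t, ip in events:
        stats[ip][0 if limiter.allow(ip, t) else 1] += 1
    return {ip: tuple(v) for ip, v in stats.items()}


# Constructed traffic (assumed values, not measurements from the incident).
SOURCES = {
    "192.0.2.10": 5,      # ordinary customer use
    "192.0.2.25": 150,    # busy mail server doing bulk lookups
    "203.0.113.7": 5000,  # spoofed source address, i.e. the flood's target
}
RESULT = simulate(PerSourceLimiter(rate=100, burst=200), SOURCES, seconds=10)

if __name__ == "__main__":
    for ip, (answered, dropped) in RESULT.items():
        print(f"{ip:>12}  answered={answered:6d}  dropped={dropped:6d}")
```

Because the source address in an amplification query is the target's, the per-source cap bounds how many responses the resolver sends toward any one target. The bulk-lookup client rides on its burst allowance for a few seconds and then sees part of its queries dropped, which is the intermittent delay the post warns about.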
