DNS Lookup - Filter "localhost"

Stephen Satchell list at satchell.net
Mon Nov 17 22:06:17 UTC 2014


On 11/17/2014 01:11 PM, Radke, Justin wrote:
> This past weekend we started receiving bursts of lookups on our DNS server
> for "localhost." We blocked our subscriber abusing this lookup (most
> assuredly malware and not intentional) but curious what safeguards you put
> in place for DOS attacks on your DNS servers.
> 
> 1. As an ISP do you see a problem with blocking localhost on your DNS
> servers? (we don't see any validity to these requests but checking with you
> to see if we've overlooked something).

Not really

> 2. Do you have an actual localhost zone that issues 127.0.0.1?

Yes

> 3. Do you block >512 Bytes DNS requests?

No.

> 4. Do you block non-UDP DNS requests or rate-limit requests?

Yes

> 5. Anything else you block/filter on your DNS servers?

block/limit "any" queries
block/limit "root NS" queries
block anycast/broadcast source address packets
block fragmented packets


More information about the NANOG mailing list