DNS Lookup - Filter "localhost"
list at satchell.net
Mon Nov 17 22:06:17 UTC 2014
On 11/17/2014 01:11 PM, Radke, Justin wrote:
> This past weekend we started receiving bursts of lookups on our DNS server
> for "localhost." We blocked our subscriber abusing this lookup (most
> assuredly malware and not intentional) but curious what safeguards you put
> in place for DOS attacks on your DNS servers.
> 1. As an ISP do you see a problem with blocking localhost on your DNS
> servers? (we don't see any validity to these requests but checking with you
> to see if we've overlooked something).
> 2. Do you have an actual localhost zone that issues 127.0.0.1?
> 3. Do you block >512 Bytes DNS requests?
> 4. Do you block non-UDP DNS requests or rate-limit requests?
> 5. Anything else you block/filter on your DNS servers?
block/limit "any" queries
block/limit "root NS" queries
block anycast/broadcast source address packets
block fragmented packets
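
An added example, not part of the original thread or either poster's configuration: before blocking or rate-limiting the query classes discussed above ("localhost", "any", root NS), a server's query log can be checked for which clients are bursting them. The log layout (modelled on BIND 9 query logging), the threshold, the window and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed layout: BIND 9 style query log lines; adjust the regex for your server.
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) client (?P<ip>[0-9A-Fa-f.:]+)#\d+ "
                     r"\(.*?\): query: (?P<qname>\S+) IN (?P<qtype>\S+)")

def classify(qname, qtype):
    """Map a query to one of the categories named in the thread, else None."""
    name, qtype = qname.lower().rstrip("."), qtype.upper()
    if name == "localhost":
        return "localhost"
    if qtype == "ANY":
        return "any"
    if name == "" and qtype == "NS":
        return "root-ns"
    return None

def find_bursts(lines, threshold=5, window_s=10):
    """Return {(client_ip, category): peak} for clients sending at least
    `threshold` matching queries inside any `window_s`-second window."""
    recent, peaks = defaultdict(deque), {}
    for line in lines:
        m = LINE_RE.match(line)
        cat = classify(m["qname"], m["qtype"]) if m else None
        if cat is None:
            continue  # unparsable line or ordinary query
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
        key = (m["ip"], cat)
        q = recent[key]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()  # drop queries that fell out of the window
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

def sample_log():
    """Constructed sample lines using documentation addresses, not real traffic."""
    fmt = ("17-Nov-2014 13:05:{:02d}.000 client {}#40000 ({}): "
           "query: {} IN {} + (203.0.113.53)")
    rows = [(s, "192.0.2.10", "localhost", "A") for s in range(8)]
    rows += [(s, "192.0.2.20", "localhost", "A") for s in (1, 30)]
    rows += [(s, "192.0.2.30", "example.com", "ANY") for s in range(10, 16)]
    rows += [(s, "192.0.2.40", ".", "NS") for s in range(20, 25)]
    rows += [(s, "198.51.100.7", "www.example.com", "A") for s in range(40)]
    return [fmt.format(s, ip, q, q, t) for s, ip, q, t in sorted(rows)]
```

Calling `find_bursts(sample_log())` reports the three bursting clients and leaves the occasional localhost lookup and the ordinary A-record traffic unflagged.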