DNS Lookup - Filter "localhost"

Stephen Satchell list at satchell.net
Mon Nov 17 22:06:17 UTC 2014

On 11/17/2014 01:11 PM, Radke, Justin wrote:
> This past weekend we started receiving bursts of lookups on our DNS server
> for "localhost." We blocked our subscriber abusing this lookup (most
> assuredly malware and not intentional) but curious what safeguards you put
> in place for DOS attacks on your DNS servers.
> 1. As an ISP do you see a problem with blocking localhost on your DNS
> servers? (we don't see any validity to these requests but checking with you
> to see if we've overlooked something).

Not really

> 2. Do you have an actual localhost zone that issues


> 3. Do you block >512 Bytes DNS requests?


> 4. Do you block non-UDP DNS requests or rate-limit requests?


> 5. Anything else you block/filter on your DNS servers?

block/limit "any" queries
block/limit "root NS" queries
block anycast/broadcast source address packets
block fragmented packets

More information about the NANOG mailing list