Hi, NANOGers. ] other cctld servers have seen what are effectively ddos. rob thomas ] seems to have the most clue on this, so i hope this troll will entice ] him to speak. Did someone say "troll?" :) Yes, this is a real problem. These attacks have exceeded several gigabits per second in size, and during one attack 122K DNS name servers were abused as amplifiers. Ouch! This abuse can be mitigated. Here are a few tips. Limit recursion to trusted netblocks and customers. Do not permit your name servers to provide recursion for the world. If you do, you will contribute to one of these attacks. Watch for queries to your name servers that ask for "ANY" related to a DNS RR outside of the zones for which you are authoritative. This DNS RR will be LARGE. Limit UDP queries to 512 bytes. This greatly decreases the amplification affect, though it doesn't stop it. Scan your IP space for name servers that permit recursive queries. It's amazing just how many of these name servers exist. Refer to the following guides for some excellent insight and suggestions. <http://www.us-cert.gov/reading_room/DNS-recursion121605.pdf> <http://cc.uoregon.edu/cnews/winter2006/recursive.htm> <http://dns.measurement-factory.com/surveys/sum1.html> Note we have our own Secure BIND Template which will help on the BIND side of life. <http://www.cymru.com/Documents/secure-bind-template.html> If you need assistance with any of this, have endured one of these attacks, or have any other questions, please don't hesitate to ping on us at team-cymru@cymru.com. We're here to assist! Thanks! Rob. -- Rob Thomas Team Cymru http://www.cymru.com/ ASSERT(coffee != empty);