On Wed, May 11, 2005 at 20:33, Will Yardley wrote:
If your domains aren't "mynameserver.net" or "mydomain.com", perhaps you'd get a more helpful response by including the actual hostnames / domains in question? You don't gain much by stripping this information, and it's much easier for people to figure out what might be going on if you include the actual domain(s). I'm assuming that if you're running a publicly accessible nameserver which is serving names for these domains, it's probably not sooper sekrit information.
Also, if you MUST use a bogus domain, at least use a bogus domain reserved for that purpose (like example.com) or something ending in ".invalid".
First, thanks all for the prompt responses to my message.

Second, the incident actually started in late 2003, and the magnitude of DNS requests peaked our bandwidth usage to 170 GB, which was a huge increase when compared to normal average bandwidth.

Why did it happen? There was a worm that is still crawling around the internet that sends mega emails to anyuser@mxserver.com; usually user@mxserver.com, recipient@mxserver.com, and many others. During 2004 the worm was still there, but then it died down, but now it is up again ... so what I think is that those IPs attacking our DNS server are actually PCs infected by that worm. It ends up as a DoS-type attack, as thousands of PCs around the world are requesting DNS records from our nameservers.

Now I changed the DNS server to a dynamic DNS provider, and I am pointing the MX record to my home server sitting on a DSL connection, which does not annoy much bandwidth-wise, and I've started creating SMTP rules that block every address except webmaster@mxserver.com and info@mxserver.com.

If you want to see the magnitude of attacks you can search Google for mxserver.com:

http://groups-beta.google.com/groups?q=%22mxserver.com%22&hl=en&lr=&sa=N&tab=wg

Once again, thanks all for your help.

-aljuhani