Ok this time with the correct from address ;-) Paul Vixie wrote:
ok so this part does not mystify me...
Someone has been in contact with Joe via phone and posted to another mailing list That Zhall Not Be Named that exactly that is happening. The zone is dead, ...
...because running blackhole lists is surprisingly harder than most people think. (witness the sorbs.net message here a few hours ago complaining of 50Kpkt/day query loads.) i've paid some dues in this area, so i feel qualified to say that "i told you so" on this topic. but at least there's no mystery.
I'm not worried about the 50k queries a day. The previous mail was about setting that as a threshold: "OK, you're saving some money/bandwidth by using us, help us extend the service and protect against DDoS by paying a nominal subscription." I can handle around 6000 DNS queries per second here, but the DDoS hit the servers with 300,000 packets per second of invalid DDoS crap that I can't handle alone.

I have been talking to a lot of people about solutions and came up with a 'distributed DNS blocklist' idea. This led to my post earlier, as Joe had issues with DDoS on the addresses he had listed in the root nameservers, which I figure is the weakest link all round...

Someone has suggested 'anycasting'. What do people (particularly you, Paul) think of using anycasting for a DNSBL? (AS112 anyone?) I think it may work well... however, I am a novice in terms of BGP... As far as I can tell it involves getting a portable address block (someone suggested anything less than a /24 would get filtered) and announcing it in various locations around the Net with local servers behind each of those announcements.... Is this fundamentally correct?

Assuming I am right in my current understanding, I am about to start looking at the procedure to get an ASN, and then I'll be looking for some portable IP space if the consensus and thoughts are that this will work. I am thinking along the lines of talking with the other large DNSBLs (particularly Easynet (wirehub) and DSBL) about setting up a set of combined DNSBL servers, all anycasted. This after all will bring any DDoS machines to the attention of the local networks they are attacking.... ;-)

Thoughts, comments, flames...?

Thanks for all the offers of support and help, I will get back to everyone in detail as soon as I get a chance.

Yours
Mat
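As an added illustration of what a DNSBL server actually has to answer (not code from this thread or from any of the lists mentioned), the following builds the reversed-octet query name, resolves it against a constructed in-memory zone in place of real DNS, rejects malformed addresses before they cost a lookup, and buckets constructed query-log lines by second to spot load above the 6000 qps capacity quoted above. The zone name and the listed addresses are hypothetical.

```python
import ipaddress
from collections import Counter
from typing import Dict, Iterable, Optional

# Hypothetical zone name; real lists publish their own.
DNSBL_ZONE = "dnsbl.example.test"

# Constructed stand-in for the zone's A records, keyed by query name.
# By convention a listed address answers inside 127.0.0.0/8, with the
# last octet encoding the reason; an unlisted address gets NXDOMAIN (None).
LISTINGS: Dict[str, str] = {
    "10.2.0.192." + DNSBL_ZONE: "127.0.0.2",   # 192.0.2.10 listed, reason 2
    "7.113.0.203." + DNSBL_ZONE: "127.0.0.4",  # 203.0.113.7 listed, reason 4
}


def dnsbl_query_name(ip: str, zone: str = DNSBL_ZONE) -> str:
    """Build the name a client queries: IPv4 octets reversed, then the zone.
    Malformed input raises ValueError instead of becoming a junk query."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def lookup(ip: str, zone: str = DNSBL_ZONE) -> Optional[str]:
    """Offline replacement for the DNS query against the constructed zone."""
    return LISTINGS.get(dnsbl_query_name(ip, zone))


def is_listed(ip: str) -> bool:
    """True when the answer is a conventional 127.x.x.x listing code."""
    answer = lookup(ip)
    return answer is not None and answer.startswith("127.")


def overloaded_seconds(log_lines: Iterable[str],
                       capacity_qps: int = 6000) -> Dict[str, int]:
    """Bucket constructed log lines ("<epoch-second> <client> <qname>") by
    second and return the seconds whose query count exceeds capacity_qps.
    The 6000 default is the per-second capacity figure from the post."""
    per_second: Counter = Counter()
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # skip truncated or garbage lines rather than crash
        per_second[fields[0]] += 1
    return {sec: n for sec, n in per_second.items() if n > capacity_qps}
```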