FYI, I'm seeing a lot of DNS lookups for all the three letter domain names for which we are listed as authoritative (we have five). The requests look like this: req: nlookup(foo.com) id 64450 type=255 class=255 212.100.232.17.domain > myserver.domain: 31881+ ANY ANY? foo.com. (25) 4500 0035 1e38 0000 ed11 e20a d464 e811 c7f5 4909 0035 0035 0021 0000 7c89 0100 0001 0000 0000 0000 0365 6f73 0363 6f6d 0000 ff00 ff We get about 400 requests per minute, per "attacking" machine, per authoritative name server, per domain. This happened on July 25 with these two sources: 194.186.87.197 130.94.23.70 and today, August 25, with this source: 212.100.232.17 Clearly, this is not a problem right now. But if the number of attacking machines grows, then any machine that serves many three-letter domain names might notice. And who knows, maybe the cretins will get creative and move to four letter domains! Just FYI, -mark P.S. I mentioned the two dates above (7/25, 8/25) purely for entertainment purposes. Consistent with the NY Times article last weekend about putting too much weight in events that are merely coincidences, I don't mean to imply that there is a "25th of the month" conspiracy afoot.