Calling any DNS gurus

[mas90]

Starting 9 days ago, all three of my DNS servers have been queried approximately twice per second by a small selection of hosts.  The query is the same each time: "NS .", i.e. a request for the list of root nameservers.  The servers are not configured identically: two respond with the requested data, and one refuses the query.

Anyone care to suggest

Comments

[mjg59]

It's not just you - it's apparently a widespread attack using DNS as amplification.

DNS mplification attack

[anonymous]

Don't doubt it is sorted but spare a thought for people that operate "mothership" DNS systems (aka those that run ROOT-A)

For more details on the attack, some points of light from the land of network operator gods...

http://www.merit.edu/mail.archives/nanog/msg14544.html

http://www.merit.edu/mail.archives/nanog/msg14429.html

One of the conclusions was a frustration at helplessness and a vague annoyance at said helplessness.

ciao,
awm22

Re: DNS mplification attack

[mas90]

Oh I don't doubt that life is far worse for the root server operators. I'm more bemoaning the general brokenness of the internet in allowing such things to take place...