[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DNS Lookup - Filter "localhost"

Subject: DNS Lookup - Filter "localhost"
From: jradke at canbytel.com (Radke, Justin)
Date: Mon, 17 Nov 2014 13:11:11 -0800

This past weekend we started receiving bursts of lookups on our DNS server
for "localhost." We blocked our subscriber abusing this lookup (most
assuredly malware and not intentional) but curious what safeguards you put
in place for DOS attacks on your DNS servers.

1. As an ISP do you see a problem with blocking localhost on your DNS
servers? (we don't see any validity to these requests but checking with you
to see if we've overlooked something).
2. Do you have an actual localhost zone that issues 127.0.0.1?
3. Do you block >512 Bytes DNS requests?
4. Do you block non-UDP DNS requests or rate-limit requests?
5. Anything else you block/filter on your DNS servers?

-=JGR

Follow-Ups:
- DNS Lookup - Filter "localhost"
  - From: list at satchell.net (Stephen Satchell)
- DNS Lookup - Filter "localhost"
  - From: dot at dotat.at (Tony Finch)

Prev by Date: A case against vendor-locking optical modules
Next by Date: A case against vendor-locking optical modules
Previous by thread: A case against vendor-locking optical modules
Next by thread: DNS Lookup - Filter "localhost"
Index(es):
- Date
- Thread