DNS Lookup - Filter "localhost"
- Subject: DNS Lookup - Filter "localhost"
- From: list at satchell.net (Stephen Satchell)
- Date: Mon, 17 Nov 2014 14:06:17 -0800
- In-reply-to: <CA+GZS2be1UwOmVvaNYinForRxJ9qu=+ALcvf4uL4_TBLsRzevg@mail.gmail.com>
- References: <CA+GZS2be1UwOmVvaNYinForRxJ9qu=+ALcvf4uL4_TBLsRzevg@mail.gmail.com>
On 11/17/2014 01:11 PM, Radke, Justin wrote:
> This past weekend we started receiving bursts of lookups on our DNS server
> for "localhost." We blocked our subscriber abusing this lookup (most
> assuredly malware and not intentional) but curious what safeguards you put
> in place for DOS attacks on your DNS servers.
>
> 1. As an ISP do you see a problem with blocking localhost on your DNS
> servers? (we don't see any validity to these requests but checking with you
> to see if we've overlooked something).
Not really
> 2. Do you have an actual localhost zone that issues 127.0.0.1?
Yes
> 3. Do you block >512 Bytes DNS requests?
No.
> 4. Do you block non-UDP DNS requests or rate-limit requests?
Yes
> 5. Anything else you block/filter on your DNS servers?
block/limit "any" queries
block/limit "root NS" queries
block anycast/broadcast source address packets
block fragmented packets
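
The name and type filters listed in the reply above (localhost, "any", root NS), as an added example that is not part of the original message: a parser for the question section of a DNS query that tags which of those filters a packet falls under. The function names and category labels are assumptions, and whether a tagged query is dropped or rate-limited is left to the operator.

```python
import struct

QTYPE_NS, QTYPE_ANY = 2, 255  # RFC 1035 type codes

def parse_question(msg: bytes):
    """Return (qname, qtype) for the single question in a DNS query message."""
    if len(msg) < 12:
        raise ValueError("short header")
    flags, qdcount = struct.unpack("!HH", msg[2:6])
    if flags & 0x8000 or qdcount != 1:      # QR bit set, or not exactly one question
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        pos += 1
        if n == 0:                          # root label ends the name
            break
        if n & 0xC0:                        # pointer/extended label: treated as malformed here
            raise ValueError("unexpected label type")
        if pos + n > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[pos:pos + n].decode("ascii", "replace").lower())
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels) + ".", qtype

def classify(msg: bytes) -> str:
    """Tag a query with the filter category it matches (labels are hypothetical)."""
    try:
        qname, qtype = parse_question(msg)
    except ValueError:
        return "malformed"
    if qname == "localhost.":
        return "localhost"
    if qtype == QTYPE_ANY:
        return "any"
    if qname == "." and qtype == QTYPE_NS:
        return "root-ns"
    return "normal"

def build_query(qname: str, qtype: int, txid: int = 0x1234) -> bytes:
    """Constructed sample input: a minimal RD=1, class IN query for qname/qtype."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.rstrip(".").split(".") if l)
    return header + name + b"\x00" + struct.pack("!HH", qtype, 1)
```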