On Tue, Jan 20, 2009 at 12:54:32PM -0800, Wil Schultz wrote:
> Anyone else noticing "." requests coming in to your DNS servers?

I was surprised to see 'amplification' in the subject line here, since
on my nameservers my replies are of equal length to the queries. A
little bit of asking around, and I see that it is an amplification
attack, preying on old software.

Let me sum up:

If you're running 9.4 or later, you will reply to these packets with
45 octet RCODE:Refused replies. 1:1. 9.4 has an "allow-query-cache"
directive that defaults to track allow-recursion, which you should
have set appropriately.
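
The arithmetic behind the 45-octet, 1:1 figure, as an added example that is not part of the original message. It assumes the "." query is a plain `. IN NS` over IPv4/UDP without EDNS; the 13-record reply is a constructed model of what a server that answers instead of refusing would send, and all function names are hypothetical.

```python
import struct

IP_UDP_OVERHEAD = 20 + 8   # IPv4 header without options + UDP header
REFUSED = 5                # RCODE 5 (RFC 1035)

def root_query(txid=0x1234, qtype=2):
    """Query for "." (assumed QTYPE NS, QCLASS IN, RD set, no EDNS)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = b"\x00" + struct.pack("!HH", qtype, 1)  # root name is one zero byte
    return header + question

def _reply_start(query, flags, ancount):
    """Reply header plus the question section echoed from the query."""
    txid, qflags = struct.unpack("!HH", query[:4])
    flags |= 0x8000 | (qflags & 0x0100)                # QR=1, copy RD
    return struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0) + query[12:]

def refused_reply(query):
    """What the message says 9.4 or later sends: RCODE Refused, no records."""
    return _reply_start(query, REFUSED, 0)

def root_ns_reply(query):
    """Constructed model: 13 root NS records, name-compressed, no glue."""
    out = _reply_start(query, 0x0080, 13)              # RA=1, RCODE 0
    suffix_at = None
    for letter in "abcdefghijklm":
        if suffix_at is None:
            rdata = b"\x01" + letter.encode() + b"\x0croot-servers\x03net\x00"
            suffix_at = len(out) + 11 + 2              # offset of "root-servers"
        else:                                          # pointer to shared suffix
            rdata = b"\x01" + letter.encode() + struct.pack("!H", 0xC000 | suffix_at)
        out += b"\x00" + struct.pack("!HHIH", 2, 1, 518400, len(rdata)) + rdata
    return out

def summarize(query, reply):
    """Return (rcode, query octets on wire, reply octets on wire, ratio)."""
    rcode = struct.unpack("!H", reply[2:4])[0] & 0x000F
    q_wire = len(query) + IP_UDP_OVERHEAD
    r_wire = len(reply) + IP_UDP_OVERHEAD
    return rcode, q_wire, r_wire, round(r_wire / q_wire, 2)

if __name__ == "__main__":
    q = root_query()
    print("refused :", summarize(q, refused_reply(q)))
    print("answered:", summarize(q, root_ns_reply(q)))
```

`summarize` also accepts the DNS payload bytes of a reply captured from your own server, which lets you confirm it refuses at 1:1 rather than answering.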