Ickie
SOH Administrator
I have gone through the DNS logs and also monitored the server and found that this is one of the DNS amplification attacks over/through our server. In this weekend's attack, somebody is trying to use our DNS server to flood somebody else. In this case it will be a “denied” packet and it will still go to the flood target, not to mention flooding our syslog messages log and stealing bandwidth from our server.
In order to lock down such an attack I disabled recursion, that is, set allow-recursion to "none;" on the server.
I will see what happens tomorrow.
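As an added example (not part of the original post): one way to confirm from syslog that the "denied" flood described above is reflection traffic is to count BIND's `query (cache) ... denied` messages per source address and query name. The log lines below are constructed, and the function names and threshold are assumptions; the message layout assumed is the one BIND normally writes for refused recursive queries.

```python
import re
from collections import Counter

# BIND "query (cache) '<name>/<type>/IN' denied" messages. The optional
# "@0x...", "(name)" and "view ...:" parts appear depending on version/config.
DENIED = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?: "
    r"(?:view [^:]+: )?"
    r"query \(cache\) '(?P<qname>[^/']+)/(?P<qtype>[A-Z0-9]+)/IN' denied"
)

# Constructed sample lines using documentation address ranges.
SAMPLE_LOG = """\
Jan 12 03:14:01 ns1 named[911]: client 198.51.100.7#4444: query (cache) 'isc.org/ANY/IN' denied
Jan 12 03:14:01 ns1 named[911]: client 198.51.100.7#4444: query (cache) 'isc.org/ANY/IN' denied
Jan 12 03:14:02 ns1 named[911]: client 198.51.100.7#21812: query (cache) 'isc.org/ANY/IN' denied
Jan 12 03:14:02 ns1 named[911]: client @0x7f3c 198.51.100.7#4444 (isc.org): query (cache) 'isc.org/ANY/IN' denied
Jan 12 03:14:03 ns1 named[911]: client 203.0.113.20#53211: query (cache) 'www.example.net/A/IN' denied
Jan 12 03:14:05 ns1 named[911]: client 192.0.2.33#40000: query: example.com IN A +
"""

def denied_queries(lines):
    """Count denied recursive queries per (source IP, qname, qtype)."""
    counts = Counter()
    for line in lines:
        m = DENIED.search(line)
        if m:
            counts[(m["ip"], m["qname"].lower(), m["qtype"])] += 1
    return counts

def likely_reflection_targets(counts, threshold=3):
    """Source IPs with >= threshold denials. In a reflection attack the
    source address is spoofed, so these are the victims, not the senders."""
    per_ip = Counter()
    for (ip, _qname, _qtype), n in counts.items():
        per_ip[ip] += n
    return {ip: n for ip, n in per_ip.items() if n >= threshold}

if __name__ == "__main__":
    counts = denied_queries(SAMPLE_LOG.splitlines())
    for key, n in counts.most_common():
        print(n, *key)
    print("likely spoofed victims:", likely_reflection_targets(counts))
```

A single address repeating the same query name and type, as in the constructed sample, is the pattern to look for; an occasional denial from a misconfigured client stays below the threshold.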