Announcement

Collapse
No announcement yet.

Hundreds of blank DNS requests per minute

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Hundreds of blank DNS requests per minute

    One of our DNS servers is getting slammed with hundreds of requests per minute from various external IP addresses.

    Microsoft DNS server (dns.exe), on Windows Server 2003 SP2

    The queries are for type NS, no host, recursion desired.

    Normal traffic is less than a dozen requests per minute for A or MX records.

    We are blocking abusive hosts or networks in ISA as they appear, but the IPs shift to a new set after a while.

    Is there a way to block empty DNS requests, either in DNS Server or in ISA Server?

  • #2
    Re: Hundreds of blank DNS requests per minute

    Why have you published your DNS servers?
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: Hundreds of blank DNS requests per minute

      The DNS servers contain the external IP addresses of our mail servers and web servers. They allow external users to find us and send us mail.

      The internal DNS servers, with intranet and active directory information, are not published externally and are not affected.

      Comment


      • #4
        Re: Hundreds of blank DNS requests per minute

        IMHO move your external DNS requirements to a 3rd party and leave the worries to them!
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: Hundreds of blank DNS requests per minute

          I agree with Tom.
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"

          Comment


          • #6
            Re: Hundreds of blank DNS requests per minute

            Ah, thanks.

            Comment

            Working...
            X