Hi Jacob,
On 20 Dec 2024, at 08:02, Jacob Bunk Nielsen via Ns.se <ns.se@lists.iis.se> wrote:
Hej
"Fredrik Pettai via Ns.se" <ns.se@lists.iis.se> writes:
Vi har inte sett så mycket “bus” mot vår DNS-infrastruktur på väldigt länge, men det verkar börja hända saker nu när långledighet nalkas.
At group.one (one.com) I have not noticed any particular increase in "internet noise" against our DNS servers over the past weeks.
Do you see any pattern in queries being made that could give you a hint about what is going on? E.g. is it towards zones hosted in your DNS servers?
We don’t log queries by default, we only log all issues/errors and policy decisions. Our “manual checks" on incoming traffic from the Cloudflare IPs was towards a specific zone that we are secondary for. (The primary zone owner got hit by even more Cloudflare IPs, probably because the don’t do any automatic policy actions on their infrastructure).
Which kind of records are they looking for? Are there any patterns in the names they query for?
Real names & words in the zone or subdomain(s) of the zone, as far as we could see from our manual checks. And the name server stats didn't show any broken / illegal queries either. Since we don’t log queries (for privacy reasons), we can only guess they were updating a catalog of free domain names. Perhaps this is more of an issue for TLDs? Only we haven’t seen this before… Re, /P
Best regards, Jacob -- Ns.se mailing list -- ns.se@lists.iis.se To unsubscribe send an email to ns.se-leave@lists.iis.se