DNS Abuse

Barr Hibbs rbhibbs at ultraDNS.com
Mon May 22 18:44:42 UTC 2000


>> administrator at yellowhead.com (John Coutts) writes:
>>
>> Is anyone else having problems with their DNS server being
>> bombarded with requests from customers that obviously
>> have a system-related problem?  These problems appear to be
>> related to automated background requests for places like 
>> ICQ, Yahoo, MSN, and AOL. Even though the DNS responds,
>> the customer's computer still outputs more than 25 requests
>> per second. Our server is able to handle it, but it is causing
>> excessive load and bandwidth consumption.

We have seen similar spikes in DNS traffic to our authoritative
servers.  Our working hypothesis is that e-mail spammers who
have made it onto the RBL are causing the spikes.

Imagine a high-volume email blaster firing up, and starting to
hit DNS to support the mail application.  If the return path
includes RBL-enabled boxes, your DNS servers will receive
the queries, but your replies will not make it back.
Repeat as recursive server retries.  Magnify for high-volume
batches of spam.

In the handful of incidents that have set off our alerts,
we've identified the sender, and confirmed they were on
the RBL.  Further, our DNS service is routed via multiple
providers for reliability, and only our machines routing
via RBL-enabled providers have been impacted.
 
--Barr Hibbs
  UltraDNS Corporation
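
An added example, not part of the original thread: one way to pick out the clients described above from a query log, flagging any source that exceeds the 25 requests per second mentioned in the question and noting whether the burst is mostly the same question repeated, as retries for a lost answer would be. The log line shape, the `retry_share` cutoff and all sample addresses and names are constructed assumptions.

```python
import re
from collections import Counter, defaultdict, deque

# Assumed (constructed) line shape, loosely modeled on a BIND query log:
#   <seconds> client <ip>#<port>: query: <qname> <class> <type>
LINE = re.compile(r"^(?P<ts>\d+(?:\.\d+)?) client (?P<ip>[0-9A-Fa-f.:]+)#\d+: "
                  r"query: (?P<qname>\S+) \S+ (?P<qtype>\S+)")

def noisy_clients(lines, max_per_sec=25, retry_share=0.8):
    """Flag clients whose peak rate in any 1-second sliding window exceeds
    max_per_sec. Lines must be in time order per client."""
    window = defaultdict(deque)      # ip -> timestamps within the last second
    peak = Counter()                 # ip -> highest count seen in one window
    asked = defaultdict(Counter)     # ip -> (qname, qtype) -> count
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                 # not a query line
        ts, ip = float(m["ts"]), m["ip"]
        w = window[ip]
        w.append(ts)
        while ts - w[0] >= 1.0:      # drop timestamps older than one second
            w.popleft()
        peak[ip] = max(peak[ip], len(w))
        asked[ip][(m["qname"].lower().rstrip("."), m["qtype"].upper())] += 1
    report = {}
    for ip, rate in peak.items():
        if rate <= max_per_sec:
            continue
        (question, hits), = asked[ip].most_common(1)
        # One question dominating the burst suggests retries for an answer the
        # client never receives, rather than a broad mix of lookups.
        report[ip] = {"peak_per_sec": rate, "top_question": question,
                      "mostly_retries": hits / sum(asked[ip].values()) >= retry_share}
    return report

def sample_log():
    """Constructed sample: one retry storm, one busy-but-varied client, one quiet."""
    out = [f"{1000 + i * 0.03:.2f} client 192.0.2.10#1025: query: login.example.net IN A"
           for i in range(30)]
    out += [f"{1000 + i * 0.02:.2f} client 198.51.100.7#4096: query: h{i}.example.org IN MX"
            for i in range(40)]
    out += [f"{1000 + i:.2f} client 203.0.113.5#5353: query: www.example.com IN A"
            for i in range(5)]
    return out

if __name__ == "__main__":
    for ip, info in noisy_clients(sample_log()).items():
        print(ip, info)
```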




More information about the bind-users mailing list