will blocking getting hammered by cache request do anything?

online-reg online-reg at enigmedia.com
Thu Mar 5 16:36:00 UTC 2009


Hi All: my 9.6.0 server is getting hammered by cache requests from a 
specific IP (62.109.4.89) which traces back to what looks like a DSL 
netblock in Russia:

05-Mar-2009 12:18:01.883 queries: info: client 62.109.4.89#53157: query: . IN NS +
05-Mar-2009 12:18:01.883 security: info: client 62.109.4.89#53157: query (cache) './NS/IN' denied

I assume that this is some unpatched server (because currently I only see 
this single IP trying to connect), but is there any way to tell the 
difference between that and a deliberate DDOS attack?

My subnet is on a Verizon 3Mbps static "business" DSL connection with a 
router/firewall NAT'ing the incoming traffic.

My question is, will blocking this from the firewall in front of the box 
help in any way to mitigate its effect on the server? Or do I need to get 
my upstream provider to block this IP for it to have any impact? The server 
isn't "choking" on the volume of requests (yet), and I'm wondering if 
blocking the requests at the border of the network would do anything 
meaningful?

Of course, it's prolly not realistic to expect Verizon to do anything above 
my router. 
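
Added example, not part of the original post: a Python script that tallies BIND's "query (cache) ... denied" security-log lines per client (count, source ports, query names, rate), which gives the numbers needed to judge the volume before deciding where to filter. The first two sample lines are the ones quoted above; the rest are constructed, and summarize_denied is a hypothetical helper name.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: the first two lines are from the post; the remaining
# lines (timestamps, second source port, second client) are constructed.
SAMPLE_LOG = """\
05-Mar-2009 12:18:01.883 queries: info: client 62.109.4.89#53157: query: . IN NS +
05-Mar-2009 12:18:01.883 security: info: client 62.109.4.89#53157: query (cache) './NS/IN' denied
05-Mar-2009 12:18:02.383 security: info: client 62.109.4.89#41022: query (cache) './NS/IN' denied
05-Mar-2009 12:18:03.883 security: info: client 62.109.4.89#53157: query (cache) './NS/IN' denied
05-Mar-2009 12:18:05.000 security: info: client 192.0.2.10#1234: query (cache) 'example.com/A/IN' denied
"""

# Matches only the security-category "denied" lines in the format shown above.
DENIED = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) security: info: "
    r"client (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+): "
    r"query \(cache\) '(?P<q>[^']+)' denied$"
)

def summarize_denied(log_text):
    """Return {client_ip: stats} for 'query (cache) ... denied' lines."""
    stats = defaultdict(lambda: {"count": 0, "ports": set(), "queries": set(),
                                 "first": None, "last": None})
    for line in log_text.splitlines():
        m = DENIED.match(line.strip())
        if not m:
            continue  # query-log lines and anything else are ignored
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
        s = stats[m["ip"]]
        s["count"] += 1
        s["ports"].add(int(m["port"]))
        s["queries"].add(m["q"])
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
    for s in stats.values():
        span = (s["last"] - s["first"]).total_seconds()
        # A rate is only meaningful once there is a non-zero time span.
        s["per_second"] = s["count"] / span if span > 0 else None
    return dict(stats)

if __name__ == "__main__":
    for ip, s in sorted(summarize_denied(SAMPLE_LOG).items(),
                        key=lambda kv: -kv[1]["count"]):
        print(ip, s["count"], "denied,", len(s["ports"]), "src ports,",
              sorted(s["queries"]), "rate/s:", s["per_second"])
```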



