How can someone know Sub-Domains?

Phil Mayers p.mayers at
Sun Dec 25 09:10:28 UTC 2011

If you are being DOSed at a rate higher than you can handle then you need to liase with your provider to get them to drop the traffic before it reaches you. Google "srtbh".

There are 4 ways attackers might have extracted a list of target hosts.

1. Axfr I.e. Zone transfer - have you locked this down?
2. Dnssec - walking the nsec chain of a signed zone, or (unlikely) attacking the nsec3 hash
3. Reverse lookup of your known ipv4 subnets - this is fast even for big ranges
4. Non-dns means - compromise of a trusted host or person.

What form does the dos take? How are you so sure DNS is even involved?

Do you have bind- or dns-specific questions?
Sent from my phone. Please excuse brevity and typos.

More information about the bind-users mailing list