Running a few bns nameservers now for Handshake domains, I've been hit by multiple Amplification Attacks.
I think in AuthNS mode (with recursion off a.k.a. this.ra: false), the server should either not reply at all, or reply as minimally as possible.
Examples
Querying local bns AuthNS
$ dig @127.0.0.1 -p 5300 myzonewd
; <<>> DiG 9.14.6 <<>> @127.0.0.1 -p 5300 myzonewd
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15969
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 27
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;myzonewd. IN A
;; AUTHORITY SECTION:
. 3600000 IN NS a.root-servers.net.
. 3600000 IN NS b.root-servers.net.
. 3600000 IN NS c.root-servers.net.
. 3600000 IN NS d.root-servers.net.
. 3600000 IN NS e.root-servers.net.
. 3600000 IN NS f.root-servers.net.
. 3600000 IN NS g.root-servers.net.
. 3600000 IN NS h.root-servers.net.
. 3600000 IN NS i.root-servers.net.
. 3600000 IN NS j.root-servers.net.
. 3600000 IN NS k.root-servers.net.
. 3600000 IN NS l.root-servers.net.
. 3600000 IN NS m.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 3600000 IN A 198.41.0.4
a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30
b.root-servers.net. 3600000 IN A 199.9.14.201
b.root-servers.net. 3600000 IN AAAA 2001:500:200::b
c.root-servers.net. 3600000 IN A 192.33.4.12
c.root-servers.net. 3600000 IN AAAA 2001:500:2::c
d.root-servers.net. 3600000 IN A 199.7.91.13
d.root-servers.net. 3600000 IN AAAA 2001:500:2d::d
e.root-servers.net. 3600000 IN A 192.203.230.10
e.root-servers.net. 3600000 IN AAAA 2001:500:a8::e
f.root-servers.net. 3600000 IN A 192.5.5.241
f.root-servers.net. 3600000 IN AAAA 2001:500:2f::f
g.root-servers.net. 3600000 IN A 192.112.36.4
g.root-servers.net. 3600000 IN AAAA 2001:500:12::d0d
h.root-servers.net. 3600000 IN A 198.97.190.53
h.root-servers.net. 3600000 IN AAAA 2001:500:1::53
i.root-servers.net. 3600000 IN A 192.36.148.17
i.root-servers.net. 3600000 IN AAAA 2001:7fe::53
j.root-servers.net. 3600000 IN A 192.58.128.30
j.root-servers.net. 3600000 IN AAAA 2001:503:c27::2:30
k.root-servers.net. 3600000 IN A 193.0.14.129
k.root-servers.net. 3600000 IN AAAA 2001:7fd::1
l.root-servers.net. 3600000 IN A 199.7.83.42
l.root-servers.net. 3600000 IN AAAA 2001:500:9f::42
m.root-servers.net. 3600000 IN A 202.12.27.33
m.root-servers.net. 3600000 IN AAAA 2001:dc3::35
;; Query time: 4 msec
;; SERVER: 127.0.0.1#5300(127.0.0.1)
;; WHEN: Mon Apr 27 12:43:45 EDT 2020
;; MSG SIZE rcvd: 820
Querying a CSC Global nameserver
$ dig @156.154.130.100 iwefjwoiefjowief.oweifjowiejfoiwjef
; <<>> DiG 9.14.6 <<>> @156.154.130.100 iwefjwoiefjowief.oweifjowiejfoiwjef
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 48484
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;iwefjwoiefjowief.oweifjowiejfoiwjef. IN A
;; Query time: 8 msec
;; SERVER: 156.154.130.100#53(156.154.130.100)
;; WHEN: Mon Apr 27 12:43:21 EDT 2020
;; MSG SIZE rcvd: 53
pinheadmz changed the title from "Should Authoritative Nameserver refer non-auth queries to the root zone?" to "Should Authoritative Nameserver refer non-zone queries to the root zone?" on Apr 27, 2020
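The size difference between the two replies quoted in the issue can be reproduced at the wire level. The following is an added example, not part of the original post and not bns code: it builds the query, derives the smallest header-plus-question reply, and compares it with the 820-byte referral. The function names are hypothetical, the query is assumed to carry a bare EDNS0 OPT record with no cookie, and REFUSED as the default rcode is an assumption (the CSC server in the issue answered SERVFAIL).

```javascript
// Added example; all function names are hypothetical, none of this is bns code.
const RCODE_SERVFAIL = 2, RCODE_REFUSED = 5;
const REFERRAL_SIZE = 820; // "MSG SIZE rcvd" of the root referral quoted in the issue

// Encode a name as length-prefixed labels terminated by the root label.
function encodeName(name) {
  const labels = name.split('.').filter(Boolean);
  const parts = labels.map((l) => {
    if (l.length > 63) throw new Error('label too long');
    return Buffer.concat([Buffer.from([l.length]), Buffer.from(l, 'ascii')]);
  });
  return Buffer.concat([...parts, Buffer.from([0])]);
}

// Build an A/IN query as dig would: RD set, optional bare EDNS0 OPT (udp 4096).
function buildQuery(id, name, edns = true) {
  const hdr = Buffer.alloc(12);
  hdr.writeUInt16BE(id, 0);
  hdr.writeUInt16BE(0x0100, 2);          // flags: RD
  hdr.writeUInt16BE(1, 4);               // QDCOUNT
  hdr.writeUInt16BE(edns ? 1 : 0, 10);   // ARCOUNT
  const question = Buffer.concat([encodeName(name), Buffer.from([0, 1, 0, 1])]);
  const opt = edns ? Buffer.from([0, 0, 41, 0x10, 0, 0, 0, 0, 0, 0, 0]) : Buffer.alloc(0);
  return Buffer.concat([hdr, question, opt]);
}

// Smallest valid reply: header plus echoed question; null means send nothing.
function minimalReply(query, rcode = RCODE_REFUSED) {
  if (query.length < 12) return null;
  const flags = query.readUInt16BE(2);
  if (flags & 0x8000) return null;                  // never answer a response
  if (query.readUInt16BE(4) !== 1) return null;     // exactly one question
  let off = 12;
  for (;;) {
    if (off >= query.length) return null;           // truncated name
    const len = query[off];
    off += 1 + len;
    if (len === 0) break;
    if (len > 63) return null;                      // pointer or bad label
  }
  off += 4;                                         // QTYPE + QCLASS
  if (off > query.length) return null;
  const reply = Buffer.from(query.subarray(0, off));
  reply.writeUInt16BE(0x8000 | (flags & 0x7900) | rcode, 2); // QR, opcode, RD, rcode
  reply.fill(0, 6, 12);                             // ANCOUNT, NSCOUNT, ARCOUNT = 0
  return reply;
}
// Bandwidth amplification factor: reply bytes per query byte.
const amplification = (queryLen, replyLen) => replyLen / queryLen;
```

For `myzonewd` the assumed 37-byte query yields a 26-byte minimal reply, so the reply is smaller than the query, whereas the 820-byte referral is more than 22 times the query size. The minimal reply for the second name comes to 53 bytes, the same size dig reports for the CSC answer.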