dns abuse, please advise

Hi,

My primary and secondary name servers are getting pounded at the rate of tens of thousands of queries a minute. Almost all of the queries are the same (except they come from a different ip.

Aug 17 12:41:00.731 info: client 206.64.118.229#58327: query: outworks.com IN A
Aug 17 12:41:00.731 info: client 206.64.118.229#58327: query (cache) denied

I don't allow recursion, so they are being denied but it is driving up my cpu load.

With the help of thePlanet I've added a blackhole option that drops queries from offending IP's as soon as they come in. This helps, but every 20-30 minutes a new IP starts hammering me.

Questions:

1) How did I get on someone's feces-list so that I'm getting pounded.

2) Is there another way I can stop this without having to monitor the queries ever 15min and blacklisting them and still allow normal request for domains that I'm authorative for?

3) Anyone else had this problem?

Bob

 

 

 

 

Top