March 31st, 2013, 01:32 PM
DNS Amp Attack Solution
Currently, we have a business line from Comcast that comes into our neighborhood, and a local guy runs things and splits it out to us in the neighborhood for a monthly fee. Works out pretty well. We get fairly cheap internet, he makes some money. He also hosts some domains on his servers and two DNS servers.
For the last few days, we have been getting hit hard with fake DNS queries. It's similar to a DDoS attack. To be honest I really don't know much about DNS and I'm still learning. I'm good with computers in general (Have my A+, going for Net+ at the end of the semester).
According to the guy who runs it in the neighborhood, he has two DNS servers on Server 2008, using the built in windows tool for DNS. From what I understand, Windows DNS can't handle internal DNS queries differently from external (internet) queries.
(I know this probably isn't worded too well)
My question is, what can we do about the DNS attacks without setting up entirely new servers? (which would take weeks)
Appreciate any help I can be given.
March 31st, 2013, 11:09 PM
It is very difficult to answer your question without knowing the nature of the attack. If those DNS servers are not set up to restrict recursion to a specific set of IP addresses, there is no helping you. The latest attack description from US-Cert can be found here: