none
How Can I protect for ISC.ORG attack!

    Question

  • Hello,

    We have been noticing an increasing number of DDoS attacks against our DNS  Server 2008 R2.  Recursion is disabled, so we only give valid responses to zones that we are authoritative for.

    My problem, is that we are receiving traffic floods on the order of 100 requests per second simultaneously from multiple sources.  Since DNS responds with a non-authorative response effectively saying "that zone isn't here, go somewhere else" it still consumes resources.  To combat this, I implemented a QoS policy for outbound traffic to limit the bandwidth, so other services on our network are not affected.  The QoS policy works well, but I fear that some legitimate DNS requests may get lost as a result.

    These malicious floods are querying for the same zone (isc.org) for which we are not authoritative. 

    Do you have any solution for this big problem? How Can I stop this attack without hardware firewall?


    Roberto

    Tuesday, December 11, 2012 1:54 AM

Answers