All,
Thanks to those of you who sent me some suggestions on how to mitigate these attacks. We had another one happen last night and I took the opportunity to try putting dnsdist [1] in front of one of the DNS servers (ns1) manually. It seemed to help but I was having trouble with getting the resolvers to work properly.
I reverted the change after the attack happened but I plan to move forward on getting this deployed on at least one host initially and see how it goes.
If anyone else has experience with using dnsdist in front of both resolvers and authoritative BIND servers on the same host, please reply off list and share your configuration and setup.
Thanks!
ยทยทยท
Lance Albertson
Director
Oregon State University | Open Source Lab