DNS BE just released a press statement regarding an ongoing botnet attack that started last sunday. Seems the attackers have not been identified and it is unknown why DNS.BE is the target. End users(surfers) expierence lil to no slowdowns since the 47 other nameservers are able to deal with this attack perfectly. the Below is the full press release.
Starting Sunday 3 April, the DNS.be name servers experience 6 times more queries than average. This caused 2 name servers to be hardly available during 4 hours and sometimes even not available at all. The other 47 name servers were perfectly able to back-up, which is why no or little delay is caused for the end-user surfing to .be websites.Together with the CERT (Belgian National Computer Emergency Response Team) and the FCCU (Federal Computer Crime Unit),.DNS.be examines what can be the cause of this extra load.The CERT as well as DNS.be are monitoring the IP addresses of the DNS.be name servers to find an explanation of this extra load.DNS.be made a statement with the FCCU regarding an attack with unknown perpetrators, to enable the FCCU to identify the initiator of this attack.In more technical terms:A botnet queries the DNS.be name servers to get the MX records linked to domain names.This is an unusual query to the name servers of a TLD since these records are located in the domain name holders’ name servers.As the TLD’s name servers are not able to give the answers, the percentage of “unknown” answers increased from 10% to 90%.
- Which DNS Server Should You Use On Your Computer? (labnol.org)
- Security In DNS Left Out On Purpose, Says Creator (blogs.forbes.com) More like they forgot or didn’t think of it at the time.
- IPv6 and DNS – Getting your DNS infrastructure ready for IPv6 (blogs.cisco.com)