During the last couple of weeks I have been seeing a lot of messages about denied cache queries on my DNS servers.
month day time server name named[6518]: client ip number#port number: query (cache) './NS/IN' denied
At first they looked quite innocent and I thought nothing much of them. But after a while the number of logged events grew faster and faster, so it was time to do some investigation on Google. After reading a few articles I came to the conclusion that my logs were trying to tell me that my DNS servers were used as DNS DDoS deflectors.
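An added example, not part of the original post: a small Python script that counts denied cache queries per hour and per client address from log lines in the format shown above, which makes a growing event rate visible. The sample lines, the host name ns1 and the addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the named log format quoted in the post.
# Addresses come from documentation ranges, not from real traffic.
SAMPLE_LOG = """\
Jan 12 03:14:01 ns1 named[6518]: client 192.0.2.10#53211: query (cache) './NS/IN' denied
Jan 12 03:14:01 ns1 named[6518]: client 192.0.2.10#41002: query (cache) './NS/IN' denied
Jan 12 03:14:02 ns1 named[6518]: client 198.51.100.7#1025: query (cache) './NS/IN' denied
Jan 12 03:59:40 ns1 named[6518]: client 192.0.2.10#60011: query (cache) 'example.com/A/IN' denied
Jan 12 04:00:03 ns1 named[6518]: client 192.0.2.10#2231: query (cache) './NS/IN' denied
Jan 12 04:00:04 ns1 named[6518]: zone example.org/IN: loaded serial 2009011201
"""

# Matches the line format quoted in the post; other BIND versions may log
# extra fields that this pattern does not handle. Curly quotes are accepted
# because logs pasted through a blog engine often carry them.
DENIED = re.compile(
    r"^(?P<month>\w{3})\s+(?P<day>\d{1,2})\s+(?P<hour>\d{2}):\d{2}:\d{2}\s+\S+\s+"
    r"named\[\d+\]:\s+client\s+(?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+):\s+"
    r"query \(cache\) ['‘](?P<qname>[^/]*)/(?P<qtype>\w+)/(?P<qclass>\w+)['’] denied"
)

def parse_denied(lines):
    """Yield (hour_bucket, client_ip, question) for each denied cache query."""
    for line in lines:
        m = DENIED.match(line)
        if m:
            bucket = f"{m['month']} {int(m['day']):02d} {m['hour']}:00"
            yield bucket, m["ip"], f"{m['qname']}/{m['qtype']}/{m['qclass']}"

def summarize(lines, root_ns_only=True):
    """Count denied cache queries per hour and per client address."""
    per_hour, per_client = Counter(), Counter()
    for bucket, ip, question in parse_denied(lines):
        if root_ns_only and question != "./NS/IN":
            continue
        per_hour[bucket] += 1
        # In a reflection attempt the client address is normally forged to be
        # the target's, so a busy address here is more likely a victim.
        per_client[ip] += 1
    return per_hour, per_client

if __name__ == "__main__":
    per_hour, per_client = summarize(SAMPLE_LOG.splitlines())
    for bucket, count in per_hour.items():
        print(f"{bucket}  {count} denied ./NS/IN queries")
    for ip, count in per_client.most_common():
        print(f"{ip}  {count}")
```

To run it against a real log, pass the open log file to summarize() in place of the sample lines.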