Option in Simple DNS Plus to ignore root requests
Saturday, 31 January 2009
Because of continued reports about DNS amplification / DDoS attacks (DNS requests for NS-records for <root> from spoofed IP addresses), we have added a new option in Simple DNS Plus to make it easy to deal with these requests and keep them out of the log.
In the Simple DNS Plus Options dialog / DNS / Miscellanuous section, there is now a new "Ignore all DNS requests for <root>" option:
And the statistics (available through the HTTP API) has a new counter for this:
This new option is in Simple DNS Plus v. 5.1 build 128 now available at http://www.simpledns.com/download.aspx
Please note that this only works against a very specific type of attack - which has been rampant for the last two weeks or so. It may become useless very quickly if the attackers change their tatics, but at least it should help right now.
IMPORTANT: When registering new domain names, some registrars require that your DNS server responds with a correct list of DNS root servers as part of their tests, so you may need to temporarily switch this option off when doing this.