DNS query saturating T1

Max Kipness max at assuredata.com
Fri Oct 16 20:42:48 IST 2009

Yes,, is our internal address.

I found this on the internet, and not sure if it was the cause, but we
definitely had Bind 9 that was not updated to the 'P' version that fixes
this exploit. I've since updated right now, so we will see. I hope this
is it.


To the others that responded, I'm hitting a few RBLs at the MTA level,
and through SpamAssassin. But I don't think it will matter how many are
being hit, you might overload your cpu or memory, but I don't think you
could ever saturate a T1 with that traffic. This was a thousands or
hundreds of thousands of queries per second to some server that had
nothing to do with RBLs.


> Who's 0.211? You?
> On Oct 16, 2009, at 1:41 PM, Max Kipness wrote:

> Thu Oct 15 12:00:06 2009; UDP; eth0; 43 bytes; from  

Thanks -

Max Kipness
AssureDATA, Inc.
Office: 214-717-4644 
Mobile: 214-417-8412
Email: max at assuredata.com

Please note my new office number above. Please use this number first
when attempting to contact me!

More information about the MailScanner mailing list