<div dir="ltr">I have only drop rules, so none of them is affecting it.<div class="gmail_extra"><br><div class="gmail_quote">On Tue, Feb 21, 2017 at 4:33 PM, Alejandro Adroher Mellado <span dir="ltr">&lt;<a href="mailto:alejandro.adroher@omniaccess.com" target="_blank">alejandro.adroher@omniaccess.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-GB" link="blue" vlink="purple">
<div class="m_-1349045702074380765WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Have you tried to move these rules (117 & 118) to the first positions?
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Maybe some other rule is affecting these queries.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif"> dnsdist [mailto:<a href="mailto:dnsdist-bounces@mailman.powerdns.com" target="_blank">dnsdist-bounces@<wbr>mailman.powerdns.com</a>]
<b>On Behalf Of </b>ccppprogrammer<br>
<b>Sent:</b> Tuesday, 21 February 2017 11:10<br>
<b>To:</b> <a href="mailto:dnsdist@mailman.powerdns.com" target="_blank">dnsdist@mailman.powerdns.com</a><br>
<b>Subject:</b> [dnsdist] non ascii characters in dns requests<u></u><u></u></span></p><div><div class="h5">
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">Dear All!<u></u><u></u></p>
<div>
<p class="MsoNormal">I have weird DNS attacks where attackers request DNS names with non-ASCII characters (\032 at the end of the domain name). Because of that, dnsdist can't filter such DNS requests. I tried filtering with and without the non-ASCII characters, but without
success.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Any suggestions what to do in such situation?<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Thanks in advance!<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<div>
<p class="MsoNormal">13:01:38.217462 IP 108.32.239.244.50742 > x.x.x.x.53: 62447+ A?
<a href="http://xhtlaakmz.jiang.com" target="_blank">xhtlaakmz.jiang.com</a> . (38)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">13:01:38.288748 IP 41.141.90.47.43849 > x.x.x.x.53: 11866+ A?
<a href="http://nopqefguiwxym.jiang.com" target="_blank">nopqefguiwxym.jiang.com</a> . (42)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">13:01:38.309814 IP 47.169.20.171.29181 > x.x.x.x.53: 43540+ A?
<a href="http://gpg.jiang.com" target="_blank">gpg.jiang.com</a> . (32)<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<div>
<p class="MsoNormal">> topQueries(20,2)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> 1 <a href="http://jiang.com" target="_blank">jiang.com</a>\032. 9415 94.2%<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<div>
<p class="MsoNormal">> showRules()<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"># Matches Rule Action<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal">117 0 qname==<a href="http://jiang.com" target="_blank">jiang.com</a>\032. drop<u></u><u></u></p>
</div>
<div>
<div>
<p class="MsoNormal">118 0 qname==<a href="http://jiang.com" target="_blank">jiang.com</a>. drop<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
</div></div></div>
</div>
</blockquote></div><br></div></div>
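<p>Added example, not part of the original thread and not dnsdist code: it rebuilds the first query from the tcpdump output, checks that its size agrees with the 38 bytes tcpdump reports, and renders the name with the \DDD (decimal byte value) escapes of DNS presentation format. The helpers <code>exact_match</code> and <code>suffix_match</code> are hypothetical models of two ways a rule could compare names, and the trailing 0x20 byte in the last label is an assumption taken from the <code>\032</code> shown by <code>topQueries</code>.</p>

```python
import string
import struct

# Bytes rendered as-is in presentation format; everything else becomes \DDD.
PLAIN = set((string.ascii_letters + string.digits + "-_").encode())

def build_query(labels, qid=62447):
    """Constructed sample: a one-question A/IN query with RD set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def parse_qname(msg, offset=12):
    """Return the raw labels of the (uncompressed) QNAME after the header."""
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        offset += 1
        if length == 0:
            return labels
        if length > 63 or offset + length > len(msg):
            raise ValueError("bad label length")
        labels.append(msg[offset:offset + length])
        offset += length

def to_presentation(labels):
    """Text form with \\DDD escapes, where DDD is the byte value in decimal."""
    esc = lambda lab: "".join(chr(b) if b in PLAIN else "\\%03d" % b for b in lab)
    return ".".join(esc(lab) for lab in labels) + "."

def exact_match(labels, rule):
    """Hypothetical exact comparison: every label equal, case-insensitively."""
    return [l.lower() for l in labels] == [r.lower() for r in rule]

def suffix_match(labels, rule):
    """Hypothetical suffix comparison: the name ends with the rule's labels."""
    return len(labels) >= len(rule) and exact_match(labels[-len(rule):], rule)

# Constructed from the first tcpdump line: the last label is "com" plus byte 0x20.
QUERY = build_query([b"xhtlaakmz", b"jiang", b"com "])
RULE_117 = [b"jiang", b"com "]   # jiang.com\032.
RULE_118 = [b"jiang", b"com"]    # jiang.com.

if __name__ == "__main__":
    labels = parse_qname(QUERY)
    print(len(QUERY), to_presentation(labels))
    for name, rule in (("117", RULE_117), ("118", RULE_118)):
        print(name, "exact:", exact_match(labels, rule), "suffix:", suffix_match(labels, rule))
```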