[dnsdist] non ascii characters in dns requests

ccppprogrammer ccppprogrammer at gmail.com
Tue Feb 21 10:10:19 UTC 2017


Dear All!
I have weird DNS attacks where attackers request DNS names with non-ASCII
characters (\032 at the end of the domain name). Because of that, dnsdist can't
filter such DNS requests. I tried to filter with and without the non-ASCII
characters, but without success.
Any suggestions on what to do in such a situation?
Thanks in advance!

13:01:38.217462 IP 108.32.239.244.50742 > x.x.x.x.53: 62447+ A? xhtlaakmz.jiang.com . (38)
13:01:38.288748 IP 41.141.90.47.43849 > x.x.x.x.53: 11866+ A? nopqefguiwxym.jiang.com . (42)
13:01:38.309814 IP 47.169.20.171.29181 > x.x.x.x.53: 43540+ A? gpg.jiang.com . (32)

> topQueries(20,2)
   1  jiang.com\032.                           9415 94.2%

> showRules()
#     Matches Rule                                               Action
117         0 qname==jiang.com\032.                              drop
118         0 qname==jiang.com.                                  drop
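
Added example, not part of the original post: a Python sketch that decodes the question name from a constructed 38-byte packet shaped like the first capture line, then compares it both exactly and by label suffix. It relies on `\032` being the RFC 1035 decimal escape for byte value 32 (a space inside the last label) and assumes `qname==` is a whole-name comparison; all function names are hypothetical.

```python
import struct

def build_query(labels, qid=0x1234):
    """Build a minimal A/IN query from raw label bytes (constructed sample input)."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)

def read_qname(packet):
    """Return the question name as a list of raw label bytes."""
    labels, pos = [], 12                                   # question follows the 12-byte header
    while pos < len(packet):
        n = packet[pos]
        if n == 0:
            return labels
        if n > 63 or pos + 1 + n > len(packet):
            raise ValueError("bad label length in question")
        labels.append(packet[pos + 1:pos + 1 + n])
        pos += 1 + n
    raise ValueError("truncated name")

def to_presentation(labels):
    """Render labels the RFC 1035 way: \\DDD is the DECIMAL value of one byte."""
    def esc(b):
        if b in b".\\":
            return "\\" + chr(b)
        return chr(b) if 0x21 <= b <= 0x7E else "\\%03d" % b
    return ".".join("".join(esc(b) for b in l) for l in labels) + "."

def is_under(labels, zone):
    """Label-wise, case-insensitive suffix match on raw bytes."""
    if len(zone) > len(labels):
        return False
    tail = labels[len(labels) - len(zone):]
    return [l.lower() for l in tail] == [z.lower() for z in zone]

# Constructed packet mirroring the first capture line: the TLD label is b"com " (4 bytes).
SAMPLE = build_query([b"xhtlaakmz", b"jiang", b"com "])

if __name__ == "__main__":
    q = read_qname(SAMPLE)
    print(len(SAMPLE), to_presentation(q))
    print("exact  jiang.com\\032. :", q == [b"jiang", b"com "])
    print("suffix jiang.com\\032. :", is_under(q, [b"jiang", b"com "]))
    print("suffix jiang.com.     :", is_under(q, [b"jiang", b"com"]))
```

The constructed packet comes out at 38 bytes, the length tcpdump prints for the first query, which is only possible if the space is a fourth byte inside the last label rather than padding after the name.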