[dnsdist] non ascii characters in dns requests
Alejandro Adroher Mellado
alejandro.adroher at omniaccess.com
Tue Feb 21 13:33:02 UTC 2017
Have you tried moving these rules (117 & 118) to the first positions?
Some other rule may be affecting these queries.
From: dnsdist [mailto:dnsdist-bounces at mailman.powerdns.com] On Behalf Of ccppprogrammer
Sent: Tuesday, 21 February 2017 11:10
To: dnsdist at mailman.powerdns.com
Subject: [dnsdist] non ascii characters in dns requests
Dear All!
I am seeing weird DNS attacks where attackers request DNS names with non-ASCII characters (\032 at the end of the domain name). Because of that, dnsdist can't filter such DNS requests. I tried filtering with and without the non-ASCII characters, but without success.
Any suggestions what to do in such situation?
Thanks in advance!
13:01:38.217462 IP 108.32.239.244.50742 > x.x.x.x.53: 62447+ A? xhtlaakmz.jiang.com . (38)
13:01:38.288748 IP 41.141.90.47.43849 > x.x.x.x.53: 11866+ A? nopqefguiwxym.jiang.com . (42)
13:01:38.309814 IP 47.169.20.171.29181 > x.x.x.x.53: 43540+ A? gpg.jiang.com . (32)
> topQueries(20,2)
1 jiang.com\032. 9415 94.2%
> showRules()
# Matches Rule Action
117 0 qname==jiang.com\032. drop
118 0 qname==jiang.com. drop
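
Added example, not part of the original thread and not dnsdist code: in DNS presentation format `\032` is the decimal escape for the byte value 32 (a space), so the name shown by topQueries() ends in the four-byte label `com` plus a trailing space. The sketch below builds a constructed query for the first name in the capture, decodes the wire-format labels, and compares suffixes label by label on raw bytes; the helper names (`encode_qname`, `parse_qname`, `to_presentation`, `is_under`) are hypothetical.

```python
import struct

def encode_qname(labels):
    """Encode raw label byte strings into DNS wire format (no compression)."""
    out = b""
    for label in labels:
        if not 0 < len(label) <= 63:
            raise ValueError("label length must be 1..63")
        out += bytes([len(label)]) + label
    return out + b"\x00"

def parse_qname(packet, offset=12):
    """Return (labels, next_offset) for the question name after the 12-byte header."""
    labels = []
    while True:
        length = packet[offset]
        if length == 0:
            return labels, offset + 1
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a question")
        labels.append(packet[offset + 1:offset + 1 + length])
        offset += 1 + length

def to_presentation(labels):
    """Render labels as text, escaping non-printable bytes as \\DDD (decimal)."""
    def esc(label):
        text = ""
        for b in label:
            if b in (0x2E, 0x5C):          # literal '.' or '\' inside a label
                text += "\\" + chr(b)
            elif 0x21 <= b <= 0x7E:        # printable, non-space ASCII
                text += chr(b)
            else:                          # space (32) becomes \032
                text += "\\%03d" % b
        return text
    return ".".join(esc(l) for l in labels) + "."

def is_under(labels, suffix):
    """Case-insensitive, label-wise suffix match on raw bytes."""
    n = len(suffix)
    return n <= len(labels) and \
        [l.lower() for l in labels[-n:]] == [s.lower() for s in suffix]

# Constructed packet: ID 62447, RD flag set, one question, type A, class IN.
header = struct.pack("!HHHHHH", 62447, 0x0100, 1, 0, 0, 0)
question = encode_qname([b"xhtlaakmz", b"jiang", b"com "]) + struct.pack("!HH", 1, 1)
packet = header + question
labels, _ = parse_qname(packet)

if __name__ == "__main__":
    print(len(packet), to_presentation(labels))
    print(is_under(labels, [b"jiang", b"com "]), is_under(labels, [b"jiang", b"com"]))
```

The constructed packet is 38 bytes, the same size tcpdump reports in parentheses for that query; with a plain `com` label it would be 37.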