* Viktor Dukhovni <[email protected]> [230328 00:05]:
> The queries for "_.extglb.tn.gov. IN A ?" in your PCAP are a novelty to
> me. Are these some form of query minimisation, or some sort of sanity
> check of the delegation? Sadly, the "tn.gov" nameserver just drops
> these without responding, so their failure could well contribute to the
> problems you observe.

A little more info here. My informant was cagey, but I think I understand that they are providing a whitelist of extant domains and their upstream is using that to filter queries as a mitigation measure. "Scrubbing terabytes of malicious traffic" was mentioned.

Having found this, https://gitlab.isc.org/isc-projects/bind9/-/issues/3331 though I can't access the ticket mentioned, I was inspired to try finding the zone cuts on tn.gov using NS queries; none of my queries were dropped as those with underscore labels were.

Take it with a grain of salt as I really have no idea what I'm doing, but if this is a common anti-DDoS technique then maybe this goes on the NS side of the qname minimization balance.
