<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">This happened again this morning between 5:30-8:20AM PDT (1230-1520 UTC). The attack is similar to what's described in this CVE [1] (NXNSAttack), but I have confirmed that we have that patched on our servers. I have put in some local changes on the servers to help ensure the service stays online if it happens again. I'm working on getting this integrated into our configuration management.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">I also heard back from LinkOregon and they note that they do have some mitigation measures in place, however it wasn't working with IPv6 at the time. We noticed seeing a fairly equal amount of traffic for IPv4 and IPv6 during the event.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">If anyone else has some recommended Bind configuration you use to mitigate this, please let me know off list.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">Thanks for your patience.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">[1] <a href="https://kb.isc.org/docs/cve-2020-8616">https://kb.isc.org/docs/cve-2020-8616</a></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Oct 28, 2022 at 10:39 PM Lance Albertson <<a href="mailto:lance@osuosl.org" target="_blank">lance@osuosl.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">All,</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">Between 5-8:15PM PDT (0000-0315 UTC), our DNS servers experienced a DDoS which affected DNS queries to our authoritative servers. Our caching servers were also somewhat affected, but less so it seems. The attack seemed to be sending millions of random queries to one of our hosted project's domains.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">I have a ticket open with LinkOregon to see if they have any additional information. Apologies for any issues this might have caused.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">We'll be looking at adding some additional rate limiting to hopefully mitigate this more in the future.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">If you have any other questions, please let me know via an email to <a href="mailto:support@osuosl.org" target="_blank">support@osuosl.org</a></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">Thank you!</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div>-- <br><div dir="ltr"><div dir="ltr"><font face="arial, helvetica, sans-serif">Lance Albertson</font><div><div><font face="arial, helvetica, sans-serif">Director</font></div><div><span style="font-family:arial,helvetica,sans-serif">Oregon State University | </span><span style="font-family:arial,helvetica,sans-serif">Open Source Lab </span></div></div></div></div></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr"><div dir="ltr"><font face="arial, helvetica, sans-serif">Lance Albertson</font><div><div><font face="arial, helvetica, sans-serif">Director</font></div><div><span style="font-family:arial,helvetica,sans-serif">Oregon State University | </span><span style="font-family:arial,helvetica,sans-serif">Open Source Lab </span></div></div></div></div>