TitleDB.com - Update Blocking DNS Servers

I'm performing some maintenance on the DNS servers. In the interest of safety I'll be blocking all DNS queries until finished from one server at a time, so they can't accidentally leak unfiltered responses. They are expected to be down only a few minutes each.

update: Maintenance has been concluded. The backend has been changed from bind9 to powerdns, since pdns provides a mechanism that will help prevent being used as a DDoS relay, and I'd rather prefer not dealing with that sort of thing.

 

These should remain up for the foreseeable future. I'd actually attempted to warn the operator of the DNS-U setup about his vulnerability of becoming a DDoS amplifier, but he apparently wasn't interested in fixing it.

 

You can't block the "source" addresses of a UDP based DNS amplification attack because that's a forged address of the DDoS target. You must utilize something such as PowerDNS's any-to-tcp option which returns a 'truncated' result to any UDP ANY query, requiring the client to switch to TCP which can't be forged in order to perform a query for ANY type records.

 

I apologize if I came off as rude, and you're right that I made some possibly incorrect assumptions as to how your system was configured. Thank you for your support of the community with your service. If you do decide you wish to continue DNS-U with pdns later on, I'm sure people would be grateful for more options.

 

Doing some maintenance on these DNS servers today. I'll be blocking them off from public access while working, to make sure I don't accidentally leak valid results out and let someone's console update unexpectedly. As long as you have BOTH of mine configured, you shouldn't see an impact. Anybody who still has one of the dead, alternate services (tubehax, dns-u) on their system will probably lose internet briefly.

 

Maintenance has been concluded. Services are back up and running as expected on both systems.