Helping to stop DDoS - detecting DNS recursion configuration issues
Recently, Tenable was asked about detecting DNS servers that were configured to respond to DNS "recursion" queries. The issue is that a remote attacker could spoof a recursive DNS query with a source address of a network they wish to cause a denial of service for. The attacker spoofs a query with a small payload and causes the DNS server to reply with much more data. This floods the target network with answers to questions it never asked for.
At the Tenable blog.
[ Read more ]