Name Server Attack

UPDATE OCT 24TH 2024@1110EST:
It appears that the attack has stopped and we have removed the drop rules for the affected domains. We have also restored our usual name query limits.

UPDATE OCT 22ND 2024@0950EST:
The attack is still ongoing and our team will continue to drop queries for ‘cloudflare.com’ for the time being. We will perform another check around 1500EST.

UPDATE OCT 21ST 2024@2250EST:
It appears that the attack is largely focused on various regions in Brazil. While our team cannot ID the source of the attack, the destination for the requested data is pretty localized to that region. As of this time, the attackers seem to be settling for bogus TXT lookups against cloudflare.com and our team will begin dropping traffic with the hex for that domain until sometime tomorrow morning. This may break things on a temp basis as DNS queries for their domain will not resolve for users hitting our servers.


We are seeing what looks like a DNS attack at the moment, appears to have started around 1345EST until it died off near 1420EST, and then picked up again around 1700EST and it still ongoing at the time of posting. The majority of the request are TXT records for only a handful of domains. Our team will be keeping an eye on this.

We have already stepped in to significantly lower the responses per second allowed and widen the tracking bitmask to /24 for v4 and /58 for v6. These lower limits on responses will remain in effect until six hours after the attack ends in order to limit our impact without dropping our service entirely.

While the RPS is not super high, it is out of the norm for our name servers and we are reacting to it in order to limit the outgoing traffic amount and keep our name servers accessible.

Playing around with DNS again..

Our volunteers have been playing around with our name servers again and have setup the TLDs ‘.fennec’, ‘.dragon’ and ‘.avali’ as alternatives for goofing around with. If you are using our name servers directly, you should be able to visit “http:// www.avali” to see a mirror of this website or http://opennic.avali/ to see FurrIX NIC page for the project that they are working on.

Keep in mind that at this time, their TLDs are not part of the OpenNIC’s network and they are not currently accepting new registrations until they get an easier to manage frontend setup for working with zone files and others parts of their domain setup.

fenfox.run has been decom’d

When this project first started, we borrowed a domain from Skylar’s personal domains to use for all of the routing and support gear. Somewhere around the one year mark, we were supposed to return the domain ‘fenfox.run’ back to her for use on her website. We didn’t make the original date for return and worked out a deal to keep the domain in operation for another three to four months as a stop gap measure and have finally moved everything over to ‘furrix.zone’ and seem to have no issues so far.

As of today, ‘fenfox.run’ is no longer used anywhere within MFN or FurrIX.