DNS.BE, the Belgian organization that manages all registrations of domain names under the .be TLD, reported that its DNS name servers received an unusually high workload, up to 6 times more queries than average, which left 2 servers hardly available for 4 hours last Sunday. The other 47 name servers were perfectly able to back up the service, and visitors to .be sites did not notice any delays.
A botnet responsible for sending out spam generated many DNS requests to the name servers of DNS.BE for the MX records of domains. Normally, these requests are made not to DNS.BE but to the domain name holders’ name servers. When the MX records are requested directly from the top-level name servers, the requester gets a response back that the query fails.
Organisations such as CERT (the Belgian National Computer Emergency Response Team) and the FCCU (Federal Computer Crime Unit) were informed about the “attack” – or abuse – on the DNS name servers.
The investigation shows that the botherders did not configure the botnet correctly and that it was not a direct attack on DNS.BE. Most traffic came from Eastern Europe and South America.
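The pattern described above, sources sending MX lookups in bulk to the TLD name servers, can be looked for in a name server's query log. The following is an added example, not part of the original report or DNS.BE's tooling; the simplified BIND-style log format, the sample lines, and the thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict

# Simplified BIND-style query-log line (assumed format for this example).
LINE_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+ \((?P<qname>[^)]+)\): "
    r"query: \S+ IN (?P<qtype>\S+)"
)

def _line(ip, qname, qtype):
    """Build one constructed log line for the sample below."""
    return f"client {ip}#40000 ({qname}): query: {qname} IN {qtype} -E"

# Constructed sample: one MX-only bulk source, one mixed-type resolver,
# and one low-volume source. Addresses are documentation ranges.
SAMPLE_LOG = "\n".join(
    [_line("192.0.2.10", f"host{i}.be", "MX") for i in range(6)]
    + [_line("198.51.100.7", "shop.be", t)
       for t in ("A", "A", "A", "AAAA", "NS", "MX")]
    + [_line("203.0.113.5", "mail.be", "MX") for _ in range(2)]
)

def mx_heavy_sources(log_text, min_queries=5, min_mx_share=0.8):
    """Return {source_ip: (total_queries, mx_share)} for sources whose
    traffic is both high-volume and dominated by MX lookups.
    Both thresholds are illustrative assumptions, not tuned values."""
    per_source = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:  # skip lines that are not query records
            per_source[m["ip"]][m["qtype"].upper()] += 1

    flagged = {}
    for ip, counts in per_source.items():
        total = sum(counts.values())
        share = counts["MX"] / total
        if total >= min_queries and share >= min_mx_share:
            flagged[ip] = (total, round(share, 2))
    return flagged

if __name__ == "__main__":
    for ip, (total, share) in mx_heavy_sources(SAMPLE_LOG).items():
        print(f"{ip}: {total} queries, {share:.0%} MX")
```

A recursive resolver serving many users shows a mix of query types, so the MX share separates it from a spam source even when both send a comparable number of queries.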