U.Mutlu wrote: [...]
... and the attack would be a so-called "reflected UDP DNS attack" carried out by someone else using forged IP headers
Even authoritative nameservers are vulnerable to some degree.
(IMO again cheap BS excuse as nowadays every ISP uses egress/ingress filtering to block such SenderIP-forgeries).
I rate this statement/expectation as wishful thinking, sorry.
Is this a case for CERTs?
Definitely!
Anybody have experience with CERTs and can give tips?
Depending on "where" you are based, or what your existing relationships to CERTs are, you may want to get in touch with the one that covers the constituency you are in, or try to get in touch with other CERTs that may have working relationships with the ISPs providing connectivity to those address blocks or sources of the offending packets.

Hth,
Wilfried.