?
Solved

Urgent ! bind dns server being attacked

Posted on 2004-10-14
3
Medium Priority
?
2,112 Views
Last Modified: 2010-08-05
Hi,

My server is down, there is no others alert msg in /var/log/messages,only ALOT of these msgs appeared(at below)

What wrong with my DNS, or some1 is DDOS attacking my dns?

So far, i only allow my server to do recursive lookup:
allow-recursion {
127.0.0.1;
xx.xx.xx.xx;

Seem like nothing wrong with my named.conf, is too many attack from different IPs, and is not feasible to block all the IPs..

Anyone can HELP.

Thanks man,
-Qaz


Oct 14 06:40:24 gs named[3152]: client 64.226.28.68#4902: query (cache) denied
Oct 14 06:40:24 gs named[3152]: client 207.155.252.95#1053: query (cache) denied
Oct 14 06:40:24 gs last message repeated 3 times
Oct 14 06:40:24 gs named[3152]: client 213.130.44.55#41880: query (cache) denied
Oct 14 06:40:24 gs named[3152]: client 207.155.252.95#1053: query (cache) denied
Oct 14 06:40:24 gs named[3152]: client 207.155.252.95#1053: query (cache) denied
Oct 14 06:40:24 gs named[3152]: client 209.63.205.1#1485: query (cache) denied
Oct 14 06:40:24 gs named[3152]: client 217.115.141.107#51230: query (cache) denied
Oct 14 06:40:25 gs named[3152]: client 195.94.80.1#53: query (cache) denied
Oct 14 06:40:25 gs named[3152]: client 213.130.44.55#41880: query (cache) denied
Oct 14 06:40:25 gs named[3152]: client 217.115.141.107#51230: query (cache) denied
Oct 14 06:40:25 gs named[3152]: client 195.94.80.1#53: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 213.130.44.55#41880: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 64.226.28.68#22864: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 64.226.28.68#23356: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 12.127.17.71#36702: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 64.226.28.68#47798: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 217.115.141.107#51230: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 12.8.14.153#18432: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 194.109.24.113#1525: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 195.94.80.1#53: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 194.109.22.38#4096: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 213.130.44.55#41880: query (cache) denied
Oct 14 06:40:27 gs named[3152]: client 209.220.225.42#3039: query (cache) denied
Oct 14 06:40:27 gs last message repeated 2 times
Oct 14 06:40:27 gs named[3152]: client 194.109.22.34#38983: query (cache) denied
Oct 14 06:40:27 gs named[3152]: client 217.115.141.107#51230: query (cache) denied
Oct 14 06:40:27 gs named[3152]: client 194.109.22.34#11651: query (cache) denied
Oct 14 06:40:27 gs named[3152]: client 195.94.80.1#53: query (cache) denied
0
Comment
Question by:qazakax
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 1

Accepted Solution

by:
bestondoa earned 100 total points
ID: 12398973
Hello,

Those messages are normal and indicate that those IPs are trying to use your DNS but are not allowed due to configuration options.

Is your DNS server for public use, or do you limit the usage to certain clients?

Cheers,

Bestondoa
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

rdate is a Linux command and the network time protocol for immediate date and time setup from another machine. The clocks are synchronized by entering rdate with the -s switch (command without switch just checks the time but does not set anything). …
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses
Course of the Month9 days, 20 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question