Solved

Urgent ! bind dns server being attacked

Posted on 2004-10-14
3
2,108 Views
Last Modified: 2010-08-05
Hi,

My server is down, there is no others alert msg in /var/log/messages,only ALOT of these msgs appeared(at below)

What wrong with my DNS, or some1 is DDOS attacking my dns?

So far, i only allow my server to do recursive lookup:
allow-recursion {
127.0.0.1;
xx.xx.xx.xx;

Seem like nothing wrong with my named.conf, is too many attack from different IPs, and is not feasible to block all the IPs..

Anyone can HELP.

Thanks man,
-Qaz


Oct 14 06:40:24 gs named[3152]: client 64.226.28.68#4902: query (cache) denied
Oct 14 06:40:24 gs named[3152]: client 207.155.252.95#1053: query (cache) denied
Oct 14 06:40:24 gs last message repeated 3 times
Oct 14 06:40:24 gs named[3152]: client 213.130.44.55#41880: query (cache) denied
Oct 14 06:40:24 gs named[3152]: client 207.155.252.95#1053: query (cache) denied
Oct 14 06:40:24 gs named[3152]: client 207.155.252.95#1053: query (cache) denied
Oct 14 06:40:24 gs named[3152]: client 209.63.205.1#1485: query (cache) denied
Oct 14 06:40:24 gs named[3152]: client 217.115.141.107#51230: query (cache) denied
Oct 14 06:40:25 gs named[3152]: client 195.94.80.1#53: query (cache) denied
Oct 14 06:40:25 gs named[3152]: client 213.130.44.55#41880: query (cache) denied
Oct 14 06:40:25 gs named[3152]: client 217.115.141.107#51230: query (cache) denied
Oct 14 06:40:25 gs named[3152]: client 195.94.80.1#53: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 213.130.44.55#41880: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 64.226.28.68#22864: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 64.226.28.68#23356: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 12.127.17.71#36702: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 64.226.28.68#47798: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 217.115.141.107#51230: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 12.8.14.153#18432: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 194.109.24.113#1525: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 195.94.80.1#53: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 194.109.22.38#4096: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 213.130.44.55#41880: query (cache) denied
Oct 14 06:40:27 gs named[3152]: client 209.220.225.42#3039: query (cache) denied
Oct 14 06:40:27 gs last message repeated 2 times
Oct 14 06:40:27 gs named[3152]: client 194.109.22.34#38983: query (cache) denied
Oct 14 06:40:27 gs named[3152]: client 217.115.141.107#51230: query (cache) denied
Oct 14 06:40:27 gs named[3152]: client 194.109.22.34#11651: query (cache) denied
Oct 14 06:40:27 gs named[3152]: client 195.94.80.1#53: query (cache) denied
0
Comment
Question by:qazakax
3 Comments
 
LVL 1

Accepted Solution

by:
bestondoa earned 25 total points
ID: 12398973
Hello,

Those messages are normal and indicate that those IPs are trying to use your DNS but are not allowed due to configuration options.

Is your DNS server for public use, or do you limit the usage to certain clients?

Cheers,

Bestondoa
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question