Solved

Urgent ! bind dns server being attacked

Posted on 2004-10-14
3
2,110 Views
Last Modified: 2010-08-05
Hi,

My server is down, there is no others alert msg in /var/log/messages,only ALOT of these msgs appeared(at below)

What wrong with my DNS, or some1 is DDOS attacking my dns?

So far, i only allow my server to do recursive lookup:
allow-recursion {
127.0.0.1;
xx.xx.xx.xx;

Seem like nothing wrong with my named.conf, is too many attack from different IPs, and is not feasible to block all the IPs..

Anyone can HELP.

Thanks man,
-Qaz


Oct 14 06:40:24 gs named[3152]: client 64.226.28.68#4902: query (cache) denied
Oct 14 06:40:24 gs named[3152]: client 207.155.252.95#1053: query (cache) denied
Oct 14 06:40:24 gs last message repeated 3 times
Oct 14 06:40:24 gs named[3152]: client 213.130.44.55#41880: query (cache) denied
Oct 14 06:40:24 gs named[3152]: client 207.155.252.95#1053: query (cache) denied
Oct 14 06:40:24 gs named[3152]: client 207.155.252.95#1053: query (cache) denied
Oct 14 06:40:24 gs named[3152]: client 209.63.205.1#1485: query (cache) denied
Oct 14 06:40:24 gs named[3152]: client 217.115.141.107#51230: query (cache) denied
Oct 14 06:40:25 gs named[3152]: client 195.94.80.1#53: query (cache) denied
Oct 14 06:40:25 gs named[3152]: client 213.130.44.55#41880: query (cache) denied
Oct 14 06:40:25 gs named[3152]: client 217.115.141.107#51230: query (cache) denied
Oct 14 06:40:25 gs named[3152]: client 195.94.80.1#53: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 213.130.44.55#41880: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 64.226.28.68#22864: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 64.226.28.68#23356: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 12.127.17.71#36702: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 64.226.28.68#47798: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 217.115.141.107#51230: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 12.8.14.153#18432: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 194.109.24.113#1525: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 195.94.80.1#53: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 194.109.22.38#4096: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 213.130.44.55#41880: query (cache) denied
Oct 14 06:40:27 gs named[3152]: client 209.220.225.42#3039: query (cache) denied
Oct 14 06:40:27 gs last message repeated 2 times
Oct 14 06:40:27 gs named[3152]: client 194.109.22.34#38983: query (cache) denied
Oct 14 06:40:27 gs named[3152]: client 217.115.141.107#51230: query (cache) denied
Oct 14 06:40:27 gs named[3152]: client 194.109.22.34#11651: query (cache) denied
Oct 14 06:40:27 gs named[3152]: client 195.94.80.1#53: query (cache) denied
0
Comment
Question by:qazakax
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 1

Accepted Solution

by:
bestondoa earned 25 total points
ID: 12398973
Hello,

Those messages are normal and indicate that those IPs are trying to use your DNS but are not allowed due to configuration options.

Is your DNS server for public use, or do you limit the usage to certain clients?

Cheers,

Bestondoa
0

Featured Post

[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I am a long time windows user and for me it is normal to have spaces in directory and file names. Changing to Linux I found myself frustrated when I moved my windows data over to my new Linux computer. The problem occurs when at the command line.…
In part one, we reviewed the prerequisites required for installing SQL Server vNext. In this part we will explore how to install Microsoft's SQL Server on Ubuntu 16.04.
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question