Urgent ! bind dns server being attacked

Hi,

My server is down, there is no others alert msg in /var/log/messages,only ALOT of these msgs appeared(at below)

What wrong with my DNS, or some1 is DDOS attacking my dns?

So far, i only allow my server to do recursive lookup:
allow-recursion {
127.0.0.1;
xx.xx.xx.xx;

Seem like nothing wrong with my named.conf, is too many attack from different IPs, and is not feasible to block all the IPs..

Anyone can HELP.

Thanks man,
-Qaz


Oct 14 06:40:24 gs named[3152]: client 64.226.28.68#4902: query (cache) denied
Oct 14 06:40:24 gs named[3152]: client 207.155.252.95#1053: query (cache) denied
Oct 14 06:40:24 gs last message repeated 3 times
Oct 14 06:40:24 gs named[3152]: client 213.130.44.55#41880: query (cache) denied
Oct 14 06:40:24 gs named[3152]: client 207.155.252.95#1053: query (cache) denied
Oct 14 06:40:24 gs named[3152]: client 207.155.252.95#1053: query (cache) denied
Oct 14 06:40:24 gs named[3152]: client 209.63.205.1#1485: query (cache) denied
Oct 14 06:40:24 gs named[3152]: client 217.115.141.107#51230: query (cache) denied
Oct 14 06:40:25 gs named[3152]: client 195.94.80.1#53: query (cache) denied
Oct 14 06:40:25 gs named[3152]: client 213.130.44.55#41880: query (cache) denied
Oct 14 06:40:25 gs named[3152]: client 217.115.141.107#51230: query (cache) denied
Oct 14 06:40:25 gs named[3152]: client 195.94.80.1#53: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 213.130.44.55#41880: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 64.226.28.68#22864: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 64.226.28.68#23356: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 12.127.17.71#36702: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 64.226.28.68#47798: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 217.115.141.107#51230: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 12.8.14.153#18432: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 194.109.24.113#1525: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 195.94.80.1#53: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 194.109.22.38#4096: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 213.130.44.55#41880: query (cache) denied
Oct 14 06:40:27 gs named[3152]: client 209.220.225.42#3039: query (cache) denied
Oct 14 06:40:27 gs last message repeated 2 times
Oct 14 06:40:27 gs named[3152]: client 194.109.22.34#38983: query (cache) denied
Oct 14 06:40:27 gs named[3152]: client 217.115.141.107#51230: query (cache) denied
Oct 14 06:40:27 gs named[3152]: client 194.109.22.34#11651: query (cache) denied
Oct 14 06:40:27 gs named[3152]: client 195.94.80.1#53: query (cache) denied
qazakaxAsked:
Who is Participating?
 
bestondoaConnect With a Mentor Commented:
Hello,

Those messages are normal and indicate that those IPs are trying to use your DNS but are not allowed due to configuration options.

Is your DNS server for public use, or do you limit the usage to certain clients?

Cheers,

Bestondoa
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.