• Status: Solved
  • Priority: Medium
  • Security: Public

Urgent! BIND DNS server being attacked

Hi,

My server is down. There are no other alert messages in /var/log/messages, only A LOT of these messages appeared (below).

What is wrong with my DNS, or is someone DDoS attacking my DNS?

So far, I only allow my server to do recursive lookups:
allow-recursion {
    127.0.0.1;
    xx.xx.xx.xx;
};

It seems like nothing is wrong with my named.conf; there are too many attacks from different IPs, and it is not feasible to block all the IPs.

Can anyone HELP?

Thanks man,
-Qaz


Oct 14 06:40:24 gs named[3152]: client 64.226.28.68#4902: query (cache) denied
Oct 14 06:40:24 gs named[3152]: client 207.155.252.95#1053: query (cache) denied
Oct 14 06:40:24 gs last message repeated 3 times
Oct 14 06:40:24 gs named[3152]: client 213.130.44.55#41880: query (cache) denied
Oct 14 06:40:24 gs named[3152]: client 207.155.252.95#1053: query (cache) denied
Oct 14 06:40:24 gs named[3152]: client 207.155.252.95#1053: query (cache) denied
Oct 14 06:40:24 gs named[3152]: client 209.63.205.1#1485: query (cache) denied
Oct 14 06:40:24 gs named[3152]: client 217.115.141.107#51230: query (cache) denied
Oct 14 06:40:25 gs named[3152]: client 195.94.80.1#53: query (cache) denied
Oct 14 06:40:25 gs named[3152]: client 213.130.44.55#41880: query (cache) denied
Oct 14 06:40:25 gs named[3152]: client 217.115.141.107#51230: query (cache) denied
Oct 14 06:40:25 gs named[3152]: client 195.94.80.1#53: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 213.130.44.55#41880: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 64.226.28.68#22864: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 64.226.28.68#23356: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 12.127.17.71#36702: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 64.226.28.68#47798: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 217.115.141.107#51230: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 12.8.14.153#18432: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 194.109.24.113#1525: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 195.94.80.1#53: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 194.109.22.38#4096: query (cache) denied
Oct 14 06:40:26 gs named[3152]: client 213.130.44.55#41880: query (cache) denied
Oct 14 06:40:27 gs named[3152]: client 209.220.225.42#3039: query (cache) denied
Oct 14 06:40:27 gs last message repeated 2 times
Oct 14 06:40:27 gs named[3152]: client 194.109.22.34#38983: query (cache) denied
Oct 14 06:40:27 gs named[3152]: client 217.115.141.107#51230: query (cache) denied
Oct 14 06:40:27 gs named[3152]: client 194.109.22.34#11651: query (cache) denied
Oct 14 06:40:27 gs named[3152]: client 195.94.80.1#53: query (cache) denied
1 Solution
 
bestondoa Commented:
Hello,

Those messages are normal and indicate that those IPs are trying to use your DNS but are not allowed due to configuration options.

Is your DNS server for public use, or do you limit the usage to certain clients?

Cheers,

Bestondoa
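
To see whether denials like those in the log above come from a few clients or from many, the lines can be tallied per source address, source port and second. This is an added example, not part of the original thread; the sample lines are constructed with documentation addresses, and the name `summarize` is hypothetical.

```python
import re
from collections import Counter, defaultdict

# Matches the named lines shown in the question, for example:
# "Oct 14 06:40:24 gs named[3152]: client 192.0.2.10#1053: query (cache) denied"
DENIED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\snamed\[\d+\]:\s"
    r"client\s(?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+):\squery \(cache\) denied"
)
# syslog collapses identical consecutive lines into this form.
REPEAT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\slast message repeated (?P<n>\d+) times?"
)

# Constructed sample input (documentation addresses, not taken from the thread).
SAMPLE = """\
Oct 14 06:40:24 gs named[3152]: client 192.0.2.10#4902: query (cache) denied
Oct 14 06:40:24 gs named[3152]: client 198.51.100.7#1053: query (cache) denied
Oct 14 06:40:24 gs last message repeated 3 times
Oct 14 06:40:25 gs named[3152]: client 203.0.113.5#53: query (cache) denied
Oct 14 06:40:25 gs sshd[911]: Accepted publickey for admin
Oct 14 06:40:25 gs last message repeated 2 times
Oct 14 06:40:26 gs named[3152]: client 192.0.2.10#22864: query (cache) denied
""".splitlines()


def summarize(lines):
    """Tally denied cache queries per client IP, per second, and ports per IP."""
    per_ip, per_second = Counter(), Counter()
    ports = defaultdict(set)
    last = None  # (ip, port) of the previous line, if it was a denial
    for line in lines:
        m = DENIED.match(line)
        if m:
            last = (m["ip"], m["port"])
            n, ts = 1, m["ts"]
        else:
            r = REPEAT.match(line)
            if not (r and last):
                last = None  # unrelated line: a later "repeated" is not a denial
                continue
            n, ts = int(r["n"]), r["ts"]
        per_ip[last[0]] += n
        per_second[ts] += n
        ports[last[0]].add(last[1])
    return per_ip, per_second, {ip: len(p) for ip, p in ports.items()}


if __name__ == "__main__":
    by_ip, by_second, port_counts = summarize(SAMPLE)
    for ip, count in by_ip.most_common():
        print(f"{ip:15} denied={count} distinct_ports={port_counts[ip]}")
```
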