troubleshooting Question

How do I block DNS queries with ANY as header in Cisco 5510 or BIND?

Avatar of AhmedCrabgrass
AhmedCrabgrass asked on
VulnerabilitiesRouters
4 Comments2 Solutions335 ViewsLast Modified:
I keep getting attacks on my DNS servers from China I am trying to formulate a rule on my Cisco 5510 with ADSM 6.3 to drop this malicious traffic. it is all udp traffic I have been blocking ip ranges but i know there is a better fix.

here is an example packet I am seeing in wireshark -- I will get 1,000s of connection from this one host (in this case the 115 addr but it will just change if I block it) the request always seems to be for any and will roll through all of the domains I host.

102      0.064022      10.137.2.2      115.238.236.6      DNS      345      Standard query response 0x2132  SOA ns1.xxxt.net NS ns1.xxxt.net NS ns2.xxxt.net MX 10 ALT1.ASPMX.L.GOOGLE.com MX 20 ALT2.ASPMX.L.GOOGLE.com MX 0 ASPMX.L.GOOGLE.com TXT A xxx.xxx.48.215

My DNS Server is running CENTOS 5.5 and BIND 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.1


I am not familiar with the Cisco platform as much so any guidance or if you need more info let me know.
or will this ACL rule on bind work for the named.conf

aclNotTheseIPs{
      !1.48.0.0/15;!1.50.0.0/16;!1.68.0.0/14;!1.80.0.0/13;!1.92.0.0/20;
};

Dont know if this helps but almost all the traffic comes from

CHINANET Zhejiang province network
No.31,jingrong street
CN
No.31 ,jingrong street,beijing
China Telecom
ASKER CERTIFIED SOLUTION
netcmh

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 2 Answers and 4 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 2 Answers and 4 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros