
How do I block DNS queries with ANY as header in Cisco 5510 or BIND?

AhmedCrabgrass
Last Modified: 2014-08-14
I keep getting attacks on my DNS servers from China. I am trying to formulate a rule on my Cisco 5510 with ASDM 6.3 to drop this malicious traffic. It is all UDP traffic. I have been blocking IP ranges, but I know there is a better fix.

Here is an example packet I am seeing in Wireshark. I will get 1,000s of connections from this one host (in this case the 115 addr, but it will just change if I block it). The request always seems to be for ANY and will roll through all of the domains I host.

102      0.064022      10.137.2.2      115.238.236.6      DNS      345      Standard query response 0x2132  SOA ns1.xxxt.net NS ns1.xxxt.net NS ns2.xxxt.net MX 10 ALT1.ASPMX.L.GOOGLE.com MX 20 ALT2.ASPMX.L.GOOGLE.com MX 0 ASPMX.L.GOOGLE.com TXT A xxx.xxx.48.215

My DNS server is running CentOS 5.5 and BIND 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.1


I am not as familiar with the Cisco platform, so any guidance is welcome, and if you need more info let me know.
Or will this ACL rule in BIND work for the named.conf?

acl NotTheseIPs {
      !1.48.0.0/15; !1.50.0.0/16; !1.68.0.0/14; !1.80.0.0/13; !1.92.0.0/20;
};

Don't know if this helps, but almost all the traffic comes from:

CHINANET Zhejiang province network
No.31,jingrong street
CN
No.31 ,jingrong street,beijing
China Telecom
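
The question asks for a way to pick out the ANY requests themselves rather than chasing source ranges. As an added example (not part of the original post), this Python code parses the question section of a DNS UDP payload and counts ANY queries (QTYPE 255 on the wire) per source; the function names are hypothetical, and the addresses and zone names are constructed placeholders.

```python
import struct
from collections import Counter

QTYPE_ANY = 255  # RFC 1035 QTYPE "*", displayed as ANY in Wireshark

def build_query(txid, qname, qtype):
    """Construct a minimal DNS query payload (helper for the sample data)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(payload):
    """Return (is_query, qname, qtype) for the first question, or None if malformed."""
    if len(payload) < 12:
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if qdcount < 1:
        return None
    pos, labels = 12, []
    while pos < len(payload) and payload[pos]:
        length = payload[pos]
        if length > 63 or pos + 1 + length > len(payload):
            return None  # pointer or overrun: treat the question as malformed
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    if pos + 5 > len(payload):
        return None  # no room for the root label plus QTYPE/QCLASS
    qtype, _qclass = struct.unpack("!HH", payload[pos + 1:pos + 5])
    return (flags & 0x8000) == 0, ".".join(labels), qtype

def any_query_sources(packets):
    """Count ANY queries per source from (src_ip, udp_payload) pairs."""
    counts = Counter()
    for src, payload in packets:
        parsed = parse_question(payload)
        if parsed and parsed[0] and parsed[2] == QTYPE_ANY:
            counts[src] += 1
    return counts

# Constructed sample traffic: documentation addresses and placeholder zones.
SAMPLE = [
    ("198.51.100.7", build_query(0x2132, "example.net", QTYPE_ANY)),
    ("198.51.100.7", build_query(0x2133, "example.org", QTYPE_ANY)),
    ("203.0.113.9", build_query(0x0001, "www.example.net", 1)),  # ordinary A query
    ("203.0.113.9", b"\x00\x01"),  # truncated payload, ignored
]

if __name__ == "__main__":
    print(any_query_sources(SAMPLE).most_common())
```
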