CentOS + BIND (possible Server Attack)

Pete Long
Hi

Got a tweet to say my web server was down this morning, the VPS shows the server as down so I hit the power and it was back up quickly.

I had a dig through the logs (I'm not a *nix expert so bear with me); the /var/log/messages were full of these...

Aug  7 03:51:52 MY-HOSTNAME named[490]: error (unexpected RCODE REFUSED) resolving 'lalka.com.ru/ANY/IN': 77.222.51.250#53

Looks like some kind of attack? What do I need to change or add to my BIND server to mitigate this?
Pete Long, Technical Consultant

Author

Commented:
Some reading makes me think I've been used in a DNS amplification attack because my DNS server has recursion enabled.

Reading.................
Pete Long, Technical Consultant

Author

Commented:
BIND recursion disabled and tested - I will post full instructions shortly...............

PL
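
A log triage sketch for the named message format quoted in the question, added here as an example and not part of the original thread: it counts recursive-lookup errors per query name and type and flags names hit by bursts of ANY lookups, the pattern the author links to DNS amplification. All sample lines except the first, the 192.0.2.53 address, and the `any_threshold` cut-off are constructed assumptions.

```python
import re
from collections import Counter

# Matches the named resolver error format quoted in the question.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d{2}:\d{2}):\d{2}\s+\S+\s+named\[\d+\]:\s+"
    r"error \(unexpected RCODE (?P<rcode>\w+)\) resolving "
    r"'(?P<qname>[^/']+)/(?P<qtype>[^/']+)/(?P<qclass>[^']+)':\s+"
    r"(?P<server>[0-9A-Fa-f.:]+)#(?P<port>\d+)"
)

def summarize(lines, any_threshold=3):
    """Count recursive lookups by (name, type) and flag ANY-query bursts.

    any_threshold is an assumed cut-off: the number of ANY lookups for one
    name within the same minute that is treated as suspicious.
    """
    by_query = Counter()
    per_minute = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a resolver error line
        key = (m["qname"].lower(), m["qtype"].upper())
        by_query[key] += 1
        if key[1] == "ANY":
            per_minute[(m["ts"], key[0])] += 1
    suspects = sorted({name for (_, name), n in per_minute.items()
                       if n >= any_threshold})
    return by_query, suspects

# Constructed sample: the first line is the one from the question, the rest
# are invented for illustration (192.0.2.53 is a documentation address).
SAMPLE = """\
Aug  7 03:51:52 MY-HOSTNAME named[490]: error (unexpected RCODE REFUSED) resolving 'lalka.com.ru/ANY/IN': 77.222.51.250#53
Aug  7 03:51:52 MY-HOSTNAME named[490]: error (unexpected RCODE REFUSED) resolving 'lalka.com.ru/ANY/IN': 77.222.51.250#53
Aug  7 03:51:53 MY-HOSTNAME named[490]: error (unexpected RCODE REFUSED) resolving 'lalka.com.ru/ANY/IN': 77.222.51.250#53
Aug  7 03:51:54 MY-HOSTNAME named[490]: error (unexpected RCODE REFUSED) resolving 'lalka.com.ru/ANY/IN': 77.222.51.250#53
Aug  7 03:52:10 MY-HOSTNAME named[490]: error (unexpected RCODE SERVFAIL) resolving 'example.net/A/IN': 192.0.2.53#53
Aug  7 03:52:11 MY-HOSTNAME crond[1234]: (root) CMD (run-parts /etc/cron.hourly)
""".splitlines()

if __name__ == "__main__":
    counts, suspects = summarize(SAMPLE)
    for (name, qtype), n in counts.most_common():
        print(f"{n:5d}  {qtype:5s} {name}")
    print("ANY bursts:", ", ".join(suspects) or "none")
```

Run against the real file by passing `open("/var/log/messages")` to `summarize`; a name that keeps appearing in the ANY-burst list while recursion is open to the internet supports the amplification diagnosis.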