dns server is attacked

Makara chanmakara at gmail.com
Thu Feb 4 02:20:57 UTC 2010 

Hi Mark,

Thank you every much for you help. I can solve the problem now.

On Thu, Feb 4, 2010 at 7:52 AM, Mark Andrews <marka at isc.org> wrote:

>
> In message <b4a3339c1002031612n5fd6395dy258959f605adbb4e at mail.gmail.com>,
> Makara writes:
> > Hi,
> >
> > I'm dns administrator, please give me an excuse if it's not the right
> place
> > to ask the question. My dns server is attacked, below are the log
>
> You are not being attacked.  The zone 26.178.115.in-addr.arpa is
> delegated to you but you are not configured to serve it.
>
> 26.178.115.in-addr.arpa. 86400  IN      NS      ns01.digi.com.kh.
> 26.178.115.in-addr.arpa. 86400  IN      NS      ns02.digi.com.kh.
>
> You are seeing other nameservers performing reverse lookups on the
> address in 26.178.115.in-addr.arpa.  This will usually be because
> you made a connection to a service which uses these servers for
> reverse DNS lookups for access control or just logging where the
> request came from.
>
> Either remove the delegation or serve the 26.178.115.in-addr.arpa zone.
>
> Mark
>
> > Feb  4 06:26:29 ns01 named[7791]: client 204.194.238.15#42502:
> query (cache) > '118.26.178.115.in-addr.arpa/PTR/IN' denied > Feb
> 4 06:26:29 ns01 named[7791]: client 196.14.64.145#54363: query
> (cache) > '118.26.178.115.in-addr.arpa/PTR/IN' denied > Feb  4
> 06:26:29 ns01 named[7791]: client 66.33.216.129#58386: query (cache)
> > '118.26.178.115.in-addr.arpa/PTR/IN' denied > Feb  4 06:26:29
> ns01 named[7791]: client 62.141.32.3#10049: query (cache) >
> '118.26.178.115.in-addr.arpa/PTR/IN' denied > Feb  4 06:26:29 ns01
> named[7791]: client 203.220.10.226#27558: query (cache) >
> '118.26.178.115.in-addr.arpa/PTR/IN' denied > Feb  4 06:26:29 ns01
> named[7791]: client 117.102.98.253#4696: query (cache) >
> '118.26.178.115.in-addr.arpa/PTR/IN' denied > Feb  4 06:26:29 ns01
> named[7791]: client 208.69.34.8#52506: query (cache) >
> '118.26.178.115.in-addr.arpa/PTR/IN' denied > Feb  4 06:26:29 ns01
> named[7791]: client 64.27.31.126#23550: query (cache) >
> '118.26.178.115.in-addr.arpa/PTR/IN' denied > Feb  4 06:26:29 ns01
> named[7791]: client 195.25.5.65#49345: query (cache) >
> '110.25.178.115.in-addr.arpa/PTR/IN' denied > Feb  4 06:26:29 ns01
> named[7791]: client 208.65.201.98#20322: query (cache) >
> '118.26.178.115.in-addr.arpa/PTR/IN' denied > Feb  4 06:26:29 ns01
> named[7791]: client 82.108.95.210#2104: query (cache) >
> '118.26.178.115.in-addr.arpa/PTR/IN' denied > Feb  4 06:26:29 ns01
> named[7791]: client 65.39.178.17#53701: query (cache) >
> '200.26.178.115.in-addr.arpa/PTR/IN' denied > Feb  4 06:26:29 ns01
> named[7791]: FORMERR resolving ' > ns1.pendingrenewaldeletion.com/AAAA/IN
> ':
> 205.178.190.51#53 > Feb  4 06:26:29 ns01 named[7791]: unexpected
> RCODE (REFUSED) resolving ' > cheappaintballgunstore.com/A/IN':
> 74.53.26.66#53 > Feb  4 06:26:29 ns01 named[7791]: client
> 85.115.52.190#24528: query (cache) > '118.26.178.115.in-addr.arpa/PTR/IN'
> denied > Feb  4 06:26:29 ns01 named[7791]: client 83.103.75.172#19067:
> query (cache) > '118.26.178.115.in-addr.arpa/PTR/IN' denied > Feb
> 4 06:26:29 ns01 named[7791]: client 66.119.189.138#63190: query
> (cache) > '118.26.178.115.in-addr.arpa/PTR/IN' denied > Feb  4
> 06:26:29 ns01 named[7791]: client 194.206.126.15#49858: query (cache)
> > '118.26.178.115.in-addr.arpa/PTR/IN' denied > Feb  4 06:26:29
> ns01 named[7791]: client 72.232.214.226#10860: query (cache) >
> '118.26.178.115.in-addr.arpa/PTR/IN' denied > Feb  4 06:26:29 ns01
> named[7791]: FORMERR resolving ' > ns2.pendingrenewaldeletion.com/AAAA/IN
> ':
> 205.178.190.51#53 > Feb  4 06:26:29 ns01 named[7791]: client
> 83.243.8.6#26089: query (cache) > '118.26.178.115.in-addr.arpa/PTR/IN'
> denied > Feb  4 06:26:29 ns01 named[7791]: client 97.64.179.210#19383:
> query (cache) > '200.26.178.115.in-addr.arpa/PTR/IN' denied > Feb
> 4 06:26:29 ns01 named[7791]: client 81.4.88.10#24179: query (cache)
> > '118.26.178.115.in-addr.arpa/PTR/IN' denied > Feb  4 06:26:29
> ns01 named[7791]: client 66.33.216.208#8796: query (cache) >
> '118.26.178.115.in-addr.arpa/PTR/IN' denied > Feb  4 06:26:29 ns01
> named[7791]: client 66.119.189.138#34887: query (cache) >
> '118.26.178.115.in-addr.arpa/PTR/IN' denied > Feb  4 06:26:29 ns01
> named[7791]: client 208.67.219.11#39638: query (cache) >
> '118.26.178.115.in-addr.arpa/PTR/IN' denied > > > I'm using BIND
> 9.3.3rc2, any idea or advise how to solve the problem? it's >
> response so slow and some time is not response > -- > The person
> who loves others will also be loved.  -- Mark Andrews, ISC 1 Seymour
> St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742
> INTERNET: marka at isc.org
>



-- 
The person who loves others will also be loved.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100204/e50760d8/attachment.html>

More information about the bind-users mailing list