Bind 9 not responding to queries
sir izake
sirizake at gmail.com
Sun Apr 12 19:00:32 UTC 2020
Ok Stephane
There's no firewall or IPS in front of the DNS. Only the CentOS firewall
policy permitting DNS traffic.
Sure, I will take the tcpdump and revert
Thanks & Best Regards
Isaac
On Sun, 12 Apr 2020, 3:48 pm Stephane Bortzmeyer, <bortzmeyer at nic.fr> wrote:
> On Sun, Apr 12, 2020 at 01:41:52AM +0000,
> sir izake <sirizake at gmail.com> wrote
> a message of 153 lines which said:
>
> > At specific times of day bind fails to respond to queries even
> > though service is shown to run (configured to respond to my network
> > IPs, this works fine till this time when service fails to answer
> > queries)
>
> The problem may be because of another component in your network. Are
> you sure there is not some sort of firewall or IPS in front of BIND,
> which decided to drop packets? Check with tcpdump or similar tools
> that the machine with BIND does receive the queries.
>
> > Apr 11 22:38:09 ##### kernel: TCP: request_sock_TCP: Possible SYN flooding
> > on port 53. Sending cookies. Check SNMP counters.
>
> This may indeed be a DoS attack but maybe not. Check with tcpdump
> what sort of traffic you receive. Also, the message is for TCP but DNS
> works mostly with UDP so it may have nothing to do with your problem.
>
> > Could log point to DDoS attack (how do I mitigate)
>
> It depends. There is no general rule to deal with DoS attacks, you need
> to investigate first.
>
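
An added example, not part of the original thread: the kernel message quoted above says to check SNMP counters, and the reply points out that DNS is mostly UDP, so this sketch reads both the TCP SYN-cookie/listen-queue counters and the UDP receive counters and prints the ones that grew between two snapshots. The function names are hypothetical; the counter names are the ones the Linux kernel exposes in /proc/net/netstat and /proc/net/snmp.

```shell
#!/bin/sh
# Added example. Function names are hypothetical helpers, not BIND or OS tools.

# proc_counters FILE PROTO NAME...
# Print "NAME VALUE" for each requested counter of PROTO (e.g. TcpExt, Udp).
# /proc/net/netstat and /proc/net/snmp store each protocol as two lines:
# a header line of counter names, then a line of values in the same order.
proc_counters() {
    file=$1 proto=$2
    shift 2
    awk -v proto="$proto:" -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) keep[w[i]] = 1 }
        $1 == proto && !seen { for (i = 2; i <= NF; i++) name[i] = $i; seen = 1; next }
        $1 == proto { for (i = 2; i <= NF; i++) if (name[i] in keep) print name[i], $i
                      seen = 0 }
    ' "$file"
}

# dns_drop_snapshot [NETSTAT_FILE] [SNMP_FILE]
# TCP side: SYN cookies sent/validated and listen-queue overflows on any port.
# UDP side: datagrams received versus dropped (InErrors, RcvbufErrors).
# Counters missing on an older kernel are simply not printed.
dns_drop_snapshot() {
    netstat=${1:-/proc/net/netstat} snmp=${2:-/proc/net/snmp}
    proc_counters "$netstat" TcpExt SyncookiesSent SyncookiesRecv SyncookiesFailed \
        ListenOverflows ListenDrops TCPReqQFullDoCookies TCPReqQFullDrop
    proc_counters "$snmp" Udp InDatagrams InErrors RcvbufErrors
}

# counter_delta BEFORE AFTER
# Print only the counters that increased between two saved snapshots.
counter_delta() {
    awk 'NR == FNR { old[$1] = $2 + 0; next }
         ($1 in old) && ($2 + 0) > old[$1] { print $1, "+" ($2 - old[$1]) }' "$1" "$2"
}

# Typical use around the time of day the server stops answering:
#   dns_drop_snapshot > /tmp/before; sleep 300; dns_drop_snapshot > /tmp/after
#   counter_delta /tmp/before /tmp/after
```

These counters are system-wide, so a rise in SyncookiesSent or RcvbufErrors only narrows down where to look; the tcpdump capture on port 53 is still what shows which traffic is involved.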