Stopping ddos

Saleck saleck at albatani.cz
Tue Aug 2 21:04:26 UTC 2022


On Tuesday, 2 August 2022 22:02:58 CEST, Robert Moskowitz wrote:
> Recently I have been having problems with my server not responding to my
> requests.  I thought it was all sorts of issues, but I finally looked at
> the logs and:
> 
> Aug  2 15:47:19 onlo named[6155]: client @0xaa3cad80 114.29.194.4#11205
> (.): view external: query (cache) './A/IN' denied
> Aug  2 15:47:19 onlo named[6155]: client @0xaa3cad80
> 114.29.216.196#64956 (.): view external: query (cache) './A/IN' denied
> Aug  2 15:47:19 onlo named[6155]: client @0xaa3cad80 64.68.114.141#39466
> (.): view external: query (cache) './A/IN' denied
> Aug  2 15:47:19 onlo named[6155]: client @0xaa3cad80
> 209.197.198.45#13280 (.): view external: query (cache) './A/IN' denied
> Aug  2 15:47:19 onlo named[6155]: client @0xaa3cad80
> 114.29.202.117#41955 (.): view external: query (cache) './A/IN' denied
> Aug  2 15:47:19 onlo named[6155]: client @0xaa3cad80 62.109.204.22#4406
> (.): view external: query (cache) './A/IN' denied
> Aug  2 15:47:49 onlo named[6155]: client @0xa9420720 64.68.104.9#38518
> (.): view external: query (cache) './A/IN' denied
> Aug  2 15:47:50 onlo named[6155]: client @0xaa882dc8 114.29.202.117#9584
> (.): view external: query (cache) './A/IN' denied
> 
> grep -c denied messages
> 45868
> 
> And that is just since Jul 31 3am.
> 
> This is fairly recent so I never looked into what I might do to protect
> against this.  I am the master for my domain, so I do need to allow for
> legitimate queries.
> 
> Any best practices on this?
> 
> I am running bind 9.11.4
> 
> thanks

You could think about adding fail2ban to your server with some custom rules. 
Helped us in a similar situation.

Kind regards,
David
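
An added example, not part of the original thread and not fail2ban's own code: the matching and counting that a custom rule of the kind suggested above performs on the quoted `denied` lines (a regex for the log format, then a hit threshold inside a time window, comparable to fail2ban's `maxretry` and `findtime`). The sample log is constructed, and the function names, thresholds and default year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the syslog format quoted above; addresses are
# documentation ranges (RFC 5737), not the ones from the post.
SAMPLE_LOG = """\
Aug  2 15:47:19 onlo named[6155]: client @0xaa3cad80 192.0.2.10#11205 (.): view external: query (cache) './A/IN' denied
Aug  2 15:47:19 onlo named[6155]: client @0xaa3cad80 198.51.100.7#64956 (.): view external: query (cache) './A/IN' denied
Aug  2 15:47:20 onlo named[6155]: client @0xaa3cad80 192.0.2.10#39466 (.): view external: query (cache) './A/IN' denied
Aug  2 15:47:21 onlo named[6155]: zone example.test/IN/external: sending notifies (serial 7)
Aug  2 15:47:49 onlo named[6155]: client @0xa9420720 192.0.2.10#38518 (.): view external: query (cache) './A/IN' denied
Aug  2 15:52:30 onlo named[6155]: client @0xaa882dc8 198.51.100.7#9584 (.): view external: query (cache) './A/IN' denied
Aug  2 15:58:02 onlo named[6155]: client @0xaa882dc8 198.51.100.7#4406 (.): view external: query (cache) './A/IN' denied
Aug  2 15:58:03 onlo named[6155]: client @0xaa882dc8 203.0.113.5#13280 (.): view external: query (cache) './A/IN' denied
"""

# Matches the "query (cache) ... denied" lines; the @0x... token and the
# "view <name>:" part are optional because not every BIND setup logs them.
DENIED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ named\[\d+\]: client "
    r"(?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \(\S*\): "
    r"(?:view \S+: )?query \(cache\) '(?P<q>[^']+)' denied"
)


def parse_denied(log_text, year=2022):
    """Yield (timestamp, client_ip, query) for each denied-query line."""
    for line in log_text.splitlines():
        m = DENIED.match(line)
        if m:  # syslog omits the year, so it is supplied by the caller
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["q"]


def offenders(log_text, max_hits=3, window=timedelta(seconds=60)):
    """Return {ip: total denials} for clients reaching max_hits within window."""
    recent, totals, flagged = defaultdict(deque), defaultdict(int), set()
    for ts, ip, _query in parse_denied(log_text):  # assumes chronological order
        totals[ip] += 1
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:  # drop hits that fell out of the window
            hits.popleft()
        if len(hits) >= max_hits:
            flagged.add(ip)
    return {ip: totals[ip] for ip in sorted(flagged)}
```

Source addresses on UDP queries can be spoofed, so an address flagged this way is a candidate for review rather than proof of who sent the traffic.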