Stopping ddos
Saleck
saleck at albatani.cz
Tue Aug 2 21:04:26 UTC 2022
Dne úterý 2. srpna 2022 22:02:58 CEST, Robert Moskowitz napsal(a):
> Recently I have been having problems with my server not responding to my
> requests. I thought it was all sorts of issues, but I finally looked at
> the logs and:
>
> Aug 2 15:47:19 onlo named[6155]: client @0xaa3cad80 114.29.194.4#11205
> (.): view external: query (cache) './A/IN' denied
> Aug 2 15:47:19 onlo named[6155]: client @0xaa3cad80
> 114.29.216.196#64956 (.): view external: query (cache) './A/IN' denied
> Aug 2 15:47:19 onlo named[6155]: client @0xaa3cad80 64.68.114.141#39466
> (.): view external: query (cache) './A/IN' denied
> Aug 2 15:47:19 onlo named[6155]: client @0xaa3cad80
> 209.197.198.45#13280 (.): view external: query (cache) './A/IN' denied
> Aug 2 15:47:19 onlo named[6155]: client @0xaa3cad80
> 114.29.202.117#41955 (.): view external: query (cache) './A/IN' denied
> Aug 2 15:47:19 onlo named[6155]: client @0xaa3cad80 62.109.204.22#4406
> (.): view external: query (cache) './A/IN' denied
> Aug 2 15:47:49 onlo named[6155]: client @0xa9420720 64.68.104.9#38518
> (.): view external: query (cache) './A/IN' denied
> Aug 2 15:47:50 onlo named[6155]: client @0xaa882dc8 114.29.202.117#9584
> (.): view external: query (cache) './A/IN' denied
>
> grep -c denied messages
> 45868
>
> And that is just since Jul 31 3am.
>
> This is fairly recent so I never looked into what I might do to protect
> against this. I am the master for my domain, so I do need to allow for
> legitimate queries.
>
> Any best practices on this?
>
> I am running bind 9.11.4
>
> thanks
You could think about adding fail2ban to your server with some custom rules.
Helped us in a similar situation.
Kind regards,
David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20220802/50656605/attachment.sig>
More information about the bind-users
mailing list