Stopping ddos

Nathan Ollerenshaw chrome at stupendous.net
Tue Aug 2 21:30:03 UTC 2022


On 8/2/22 1:02 PM, Robert Moskowitz wrote:
> Recently I have been having problems with my server not responding to my 
> requests.  I thought it was all sorts of issues, but I finally looked at 
> the logs and:
> 
> Aug  2 15:47:19 onlo named[6155]: client @0xaa3cad80 114.29.194.4#11205 
> (.): view external: query (cache) './A/IN' denied
> Aug  2 15:47:19 onlo named[6155]: client @0xaa3cad80 
> 114.29.216.196#64956 (.): view external: query (cache) './A/IN' denied
> Aug  2 15:47:19 onlo named[6155]: client @0xaa3cad80 64.68.114.141#39466 
> (.): view external: query (cache) './A/IN' denied
> Aug  2 15:47:19 onlo named[6155]: client @0xaa3cad80 
> 209.197.198.45#13280 (.): view external: query (cache) './A/IN' denied
> Aug  2 15:47:19 onlo named[6155]: client @0xaa3cad80 
> 114.29.202.117#41955 (.): view external: query (cache) './A/IN' denied
> Aug  2 15:47:19 onlo named[6155]: client @0xaa3cad80 62.109.204.22#4406 
> (.): view external: query (cache) './A/IN' denied
> Aug  2 15:47:49 onlo named[6155]: client @0xa9420720 64.68.104.9#38518 
> (.): view external: query (cache) './A/IN' denied
> Aug  2 15:47:50 onlo named[6155]: client @0xaa882dc8 114.29.202.117#9584 
> (.): view external: query (cache) './A/IN' denied

You're being used as an unwilling participant in a DNS amplification attack.

Reconfigure your server to not be a public recursive DNS server. Only 
respond to requests for your zones.

If you are also providing caching DNS for clients, use views to only 
allow those clients to use the server for recursive lookups.
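
One way to lay out the views described above, as an added example that is not part of the original message. The ACL name, the 192.0.2.0/24 client network, the example.com zone and the file paths are placeholders; the view name "external" matches the one in the quoted log.

```conf
// named.conf sketch (added example; names, networks and paths are placeholders)

acl "trusted-clients" {
    127.0.0.0/8;
    ::1;
    192.0.2.0/24;                  // placeholder: your own client network
};

options {
    directory "/var/named";
    recursion no;                  // default for anything a view does not override
    allow-query-cache { none; };
};

// Views are matched in order, so the restricted view must come first.
view "internal" {
    match-clients { "trusted-clients"; };
    recursion yes;
    allow-recursion { "trusted-clients"; };
    allow-query-cache { "trusted-clients"; };

    zone "example.com" {
        type master;
        file "internal/example.com.zone";
    };
};

// Everyone else: authoritative answers for local zones only.
view "external" {
    match-clients { any; };
    recursion no;
    allow-query-cache { none; };

    zone "example.com" {
        type master;
        file "external/example.com.zone";
        allow-query { any; };
    };
};
```

Run `named-checkconf` on the file before reloading named.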

