Stopping ddos
Robert Moskowitz
rgm at htt-consult.com
Tue Aug 2 22:29:18 UTC 2022
On 8/2/22 17:30, Nathan Ollerenshaw via bind-users wrote:
> On 8/2/22 1:02 PM, Robert Moskowitz wrote:
>> Recently I have been having problems with my server not responding to
>> my requests. I thought it was all sorts of issues, but I finally
>> looked at the logs and:
>>
> You're being used as an unwilling participant in a DNS amplification
> attack.
>
> Reconfigure your server to not be a public recursive DNS server. Only
> respond to requests for your zones.
>
> If you are also providing caching DNS for clients, use views to only
> allow those clients to use the server for recursive lookups.
My clients use my internal view. My external view has:

    match-clients { any; };
    match-destinations { any; };
    allow-query { any; };
    allow-query-cache { localhost; };
    recursion no;

I am way behind the times, as I really have not made any significant
changes to my config for a couple years. Things have been stable.
And I am running CentOS7-arm which only has 9.11.4...

BTW, I am in the market for an 'affordable' DNS box to run here and get
out of the business of maintaining my own software. I am approaching
72, and not something I want to do anymore. And I have not seen a
service provider that would let me really config my own zone files...
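
Added example, not part of the original message or of BIND itself: a small Python audit that reads the options of a single view and reports whether it would act as an open recursive resolver, using the fallback order the BIND ARM documents for allow-recursion (allow-recursion, then allow-query-cache, then allow-query, then localnets/localhost). It assumes flat view-level statements only: global options, nested ACL definitions and comments are not resolved, and the second sample is constructed for illustration.

```python
import re

# The external view options exactly as posted in the message above.
POSTED_EXTERNAL = """
match-clients { any; };
match-destinations { any; };
allow-query { any; };
allow-query-cache { localhost; };
recursion no;
"""

# Constructed variant (not from the thread): recursion left at its default
# and no recursion ACLs, so allow-recursion falls back to allow-query.
CONSTRUCTED_OPEN = """
match-clients { any; };
allow-query { any; };
"""

# Matches 'name value;' and 'name { a; b; };' (no nesting, no comments).
STMT = re.compile(r"([\w-]+)\s+(?:\{([^{}]*)\}|([^;{}]+))\s*;")

def parse_options(text):
    """Return {option: [values]} for the flat statements in a view body."""
    opts = {}
    for name, acl, scalar in STMT.findall(text):
        if scalar:
            opts[name] = [scalar.strip()]
        else:
            opts[name] = [v.strip() for v in acl.split(";") if v.strip()]
    return opts

def effective_recursion_acl(opts):
    """Documented fallback order when allow-recursion is not set."""
    for key in ("allow-recursion", "allow-query-cache", "allow-query"):
        if key in opts:
            return opts[key]
    return ["localnets", "localhost"]

def audit_view(text):
    """Classify a view as no-recursion, restricted-recursion or open-resolver."""
    opts = parse_options(text)
    # 'recursion' defaults to yes when the statement is absent.
    if opts.get("recursion", ["yes"])[0].lower() in ("no", "false", "0"):
        return "no-recursion"
    acl = effective_recursion_acl(opts)
    return "open-resolver" if "any" in acl else "restricted-recursion"

if __name__ == "__main__":
    print("posted external view:", audit_view(POSTED_EXTERNAL))
    print("constructed variant: ", audit_view(CONSTRUCTED_OPEN))
```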