high volume from outside our networks question

Dmitri Tarkhov tarkhov at dionaholding.ru
Thu Jan 31 06:41:12 UTC 2013


One very simple question - do you filter spoofed IPs
at your firewalls?
And, BTW, a lot of other must-be stuff, like ports 135-139 ...
(but that's another story)

Personally I reject spoofed IPs even without logging.

> They are more than likely spoofed IPs and
> someone is using our servers to attack people.

rich carroll wrote:

>  acl "trusted" {
>      xxx.xxx.xxx.0/20;
>      xxx.xxx.xxx.0/23;
>      xxx.xxx.xxx.0/22;
>      xx.xxx.xxx.0/23;
>      xx.xxx.xxx.0/23;
>      xx.xxx.xxx.0/23;
>      x.xx.xxx.0/21;
>      x.xx.xx.0/24;
>      xxx.xxx.xxx.0/24;
>      localhost;
>      localnets;
>  };
> 
> options {
>     // Relative to the chroot directory, if any
>     directory    "/etc/namedb";
>     pid-file    "/var/run/named/pid";
>     dump-file    "/var/dump/named_dump.db";
>     statistics-file    "/var/stats/named.stats";
>     allow-recursion { "trusted"; };
>     allow-query    { any; };
>     allow-query-cache { "trusted"; };
> 
> It's a standard conf with the default stuff in it, as well as 24 zones or so.
> 
> 
> 
> On Wed, Jan 30, 2013 at 3:30 PM, Steven Carr <sjcarr at gmail.com> wrote:
> 
> 
>>So the response you received wasn't recursed ";; WARNING: recursion
>>requested but not available", so at least that ACL is holding up, but
>>it could be that the response you got is still being served from your
>>DNS server's cache. Can you share the exact configuration statements
>>you have implemented for allow-recursion and allow-query-cache and are
>>these options in the view stanza or in the global options?
>>
>>Best practice is that authoritative and recursive DNS servers should
>>be completely separate.
>>
>>Steve
>>

-- 
Best regards,
Dmitri Tarkhov
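The authoritative/recursive split that Steven Carr recommends, written out as an added example (not the configuration of any poster in this thread). The prefix, zone name and file paths are placeholders, and the rate-limit stanza assumes BIND 9.9.4 or later.

```conf
// ===== named.conf on the AUTHORITATIVE-ONLY server (reachable from anywhere) =====
options {
    directory "/etc/namedb";
    recursion no;                         // never recurse, for anyone
    allow-recursion { none; };
    allow-query-cache { none; };          // nothing cached to hand to a spoofed client
    allow-query { any; };                 // the world may ask about our own zones
    allow-transfer { none; };             // re-enable per zone for real secondaries only
    minimal-responses yes;                // smaller answers, less amplification value
    rate-limit {                          // response rate limiting (BIND 9.9.4+)
        responses-per-second 10;
    };
};

zone "example.net" {                      // placeholder zone
    type master;
    file "master/example.net.db";
};

// ===== named.conf on the RECURSIVE RESOLVER (trusted clients only) =====
acl "trusted" {
    192.0.2.0/24;                         // placeholder prefix (TEST-NET-1)
    localhost;
    localnets;
};

options {
    directory "/etc/namedb";
    recursion yes;
    allow-query { "trusted"; };           // refuse outsiders outright, not only recursion
    allow-recursion { "trusted"; };
    allow-query-cache { "trusted"; };     // the setting Steven asked about: cache is gated too
    allow-transfer { none; };
};
```

With `allow-query { any; }` on a mixed server, a non-recursive query for a record already in the cache is still answered unless `allow-query-cache` is restricted; on the split above the authoritative box simply has no cache to serve.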