Bind 9 not responding to queries

Stephane Bortzmeyer bortzmeyer at nic.fr
Sun Apr 12 15:48:19 UTC 2020


On Sun, Apr 12, 2020 at 01:41:52AM +0000,
 sir izake <sirizake at gmail.com> wrote 
 a message of 153 lines which said:

> At specific times of day bind fails to respond to queries even
> though service is shown to run (configured to respond to my network
> IPs, this works fine till this time when service fails to answer
> queries)

The problem may be because of another component in your network. Are
you sure there is not some sort of firewall or IPS in front of BIND,
which decided to drop packets? Check with tcpdump or similar tools
that the machine with BIND does receive the queries.

> Apr 11 22:38:09 #####  kernel: TCP: request_sock_TCP: Possible SYN flooding
> on port 53. Sending cookies.  Check SNMP counters.

This may indeed be a DoS attack but may not be. Check with tcpdump
what sort of traffic you receive. Also, the message is for TCP but DNS
works mostly with UDP so it may have nothing to do with your problem.

> Could log point to DDoS attack (how do I mitigate)

It depends. There is no general rule to deal with DoS attacks; you need
to investigate first.
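
An added example, not part of the original message: one way to follow the kernel's "Check SNMP counters" hint is to diff two snapshots of the TcpExt counters in /proc/net/netstat taken around the time of the failure. The counter names are the Linux ones; the sample snapshots and their values are constructed, and the interface name in the tcpdump comment is an assumption.

```shell
#!/bin/sh
# /proc/net/netstat holds line pairs: "TcpExt: name1 name2 ..." followed by
# "TcpExt: value1 value2 ...". Print the value of counter $2 found in file $1.
tcpext_counter() {
    awk -v want="$2" '
        $1 == "TcpExt:" && !seen { for (i = 2; i <= NF; i++) col[$i] = i; seen = 1; next }
        $1 == "TcpExt:" {
            if (want in col) { print $(col[want]); found = 1 }
            exit
        }
        END { exit !found }   # non-zero status when the counter is absent
    ' "$1"
}

# Print how much counter $3 grew between snapshot $1 (before) and $2 (after).
counter_delta() {
    before=$(tcpext_counter "$1" "$3") || return 1
    after=$(tcpext_counter "$2" "$3") || return 1
    echo $((after - before))
}

# Constructed snapshot in /proc/net/netstat layout (all values are made up).
# $1 = SyncookiesSent, $2 = ListenOverflows (ListenDrops is set to the same).
sample_snapshot() {
    printf 'TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed ListenOverflows ListenDrops\n'
    printf 'TcpExt: %s 3 40 %s %s\n' "$1" "$2" "$2"
    printf 'IpExt: InNoRoutes InTruncatedPkts\n'
    printf 'IpExt: 0 0\n'
}

tmp=$(mktemp -d)
sample_snapshot 1200 15 > "$tmp/before"
sample_snapshot 1950 22 > "$tmp/after"
# On a live host, replace the two lines above with:
#   cp /proc/net/netstat "$tmp/before"; sleep 60; cp /proc/net/netstat "$tmp/after"
# and, in another terminal, confirm the queries reach the machine at all:
#   tcpdump -n -i eth0 port 53        (eth0 is an assumed interface name)
for c in SyncookiesSent SyncookiesRecv SyncookiesFailed ListenOverflows ListenDrops; do
    printf '%-18s +%s\n' "$c" "$(counter_delta "$tmp/before" "$tmp/after" "$c")"
done
rm -rf "$tmp"
```

These counters cover TCP only, so they say nothing about UDP queries that never reach BIND; the tcpdump capture is what answers that question.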
