On Tuesday, 2 August 2022 22:02:58 CEST, Robert Moskowitz wrote:
> Recently I have been having problems with my server not responding to my
> requests. I thought it was all sorts of issues, but I finally looked at
> the logs and:
>
> Aug 2 15:47:19 onlo named[6155]: client @0xaa3cad80 114.29.194.4#11205
> (.): view external: query (cache) './A/IN' denied
> Aug 2 15:47:19 onlo named[6155]: client @0xaa3cad80
> 114.29.216.196#64956 (.): view external: query (cache) './A/IN' denied
> Aug 2 15:47:19 onlo named[6155]: client @0xaa3cad80 64.68.114.141#39466
> (.): view external: query (cache) './A/IN' denied
> Aug 2 15:47:19 onlo named[6155]: client @0xaa3cad80
> 209.197.198.45#13280 (.): view external: query (cache) './A/IN' denied
> Aug 2 15:47:19 onlo named[6155]: client @0xaa3cad80
> 114.29.202.117#41955 (.): view external: query (cache) './A/IN' denied
> Aug 2 15:47:19 onlo named[6155]: client @0xaa3cad80 62.109.204.22#4406
> (.): view external: query (cache) './A/IN' denied
> Aug 2 15:47:49 onlo named[6155]: client @0xa9420720 64.68.104.9#38518
> (.): view external: query (cache) './A/IN' denied
> Aug 2 15:47:50 onlo named[6155]: client @0xaa882dc8 114.29.202.117#9584
> (.): view external: query (cache) './A/IN' denied
>
> grep -c denied messages
> 45868
>
> And that is just since Jul 31 3am.
>
> This is fairly recent so I never looked into what I might do to protect
> against this. I am the master for my domain, so I do need to allow for
> legitimate queries.
>
> Any best practices on this?
>
> I am running bind 9.11.4
>
> thanks

You could think about adding fail2ban to your server with some custom rules.
Helped us in a similar situation.

Kind regards,
David
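The per-client counting that a fail2ban-style rule would apply to the log lines quoted above, as an added example (not part of the thread and not fail2ban's own code): it parses the `query (cache) ... denied` format and flags clients that exceed a threshold inside a time window. The sample lines are constructed with documentation addresses, the `maxretry`/`findtime` names only mirror fail2ban's jail options, and the year is an assumption because syslog lines omit it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# BIND "query (cache) ... denied" syslog line, in the format quoted in the thread.
DENIED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+named\[\d+\]:\s+"
    r"client\s+(?:@0x[0-9a-f]+\s+)?(?P<ip>[0-9a-fA-F.:]+)#\d+\s+"
    r"\([^)]*\):\s+(?:view\s+\S+:\s+)?query \(cache\) '(?P<q>[^']+)' denied"
)

# Constructed sample input: same layout as the quoted log, RFC 5737 addresses.
_LINE = ("Aug  2 15:{t} onlo named[6155]: client @0xaa3cad80 {ip}#{port} (.): "
         "view external: query (cache) './A/IN' denied")
SAMPLE = [
    _LINE.format(t="47:19", ip="192.0.2.10", port=11205),
    _LINE.format(t="47:20", ip="192.0.2.10", port=64956),
    "Aug  2 15:47:21 onlo named[6155]: zone example.org/IN: sending notifies",
    _LINE.format(t="47:49", ip="192.0.2.10", port=38518),
    _LINE.format(t="47:50", ip="198.51.100.7", port=9584),
    _LINE.format(t="50:10", ip="198.51.100.7", port=4406),
]

def parse(line, year=2022):
    """Return (timestamp, client_ip, query) for a denied line, else None."""
    m = DENIED.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["ip"], m["q"]

def offenders(lines, maxretry=3, findtime=timedelta(seconds=60)):
    """Map client IP -> peak hit count, for clients with at least maxretry
    denied queries inside one findtime window (lines in time order)."""
    windows, flagged = defaultdict(deque), {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # not a denied-query line
        ts, ip, _ = rec
        win = windows[ip]
        win.append(ts)
        while ts - win[0] > findtime:  # drop hits older than the window
            win.popleft()
        if len(win) >= maxretry:
            flagged[ip] = max(flagged.get(ip, 0), len(win))
    return flagged

if __name__ == "__main__":
    print(offenders(SAMPLE))
```

If these queries arrive over UDP, the source address can be forged, so review flagged addresses before blocking them.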