Re: Stopping ddos

Tue, 02 Aug 2022 14:05:31 -0700 

Dne úterý 2. srpna 2022 22:02:58 CEST, Robert Moskowitz napsal(a):
> Recently I have been having problems with my server not responding to my
> requests.  I thought it was all sorts of issues, but I finally looked at
> the logs and:
> 
> Aug  2 15:47:19 onlo named[6155]: client @0xaa3cad80 114.29.194.4#11205
> (.): view external: query (cache) './A/IN' denied
> Aug  2 15:47:19 onlo named[6155]: client @0xaa3cad80
> 114.29.216.196#64956 (.): view external: query (cache) './A/IN' denied
> Aug  2 15:47:19 onlo named[6155]: client @0xaa3cad80 64.68.114.141#39466
> (.): view external: query (cache) './A/IN' denied
> Aug  2 15:47:19 onlo named[6155]: client @0xaa3cad80
> 209.197.198.45#13280 (.): view external: query (cache) './A/IN' denied
> Aug  2 15:47:19 onlo named[6155]: client @0xaa3cad80
> 114.29.202.117#41955 (.): view external: query (cache) './A/IN' denied
> Aug  2 15:47:19 onlo named[6155]: client @0xaa3cad80 62.109.204.22#4406
> (.): view external: query (cache) './A/IN' denied
> Aug  2 15:47:49 onlo named[6155]: client @0xa9420720 64.68.104.9#38518
> (.): view external: query (cache) './A/IN' denied
> Aug  2 15:47:50 onlo named[6155]: client @0xaa882dc8 114.29.202.117#9584
> (.): view external: query (cache) './A/IN' denied
> 
> grep -c denied messages
> 45868
> 
> And that is just since Jul 31 3am.
> 
> This is fairly recent so I never looked into what I might do to protect
> against this.  I am the master for my domain, so I do need to allow for
> legitimate queries.
> 
> Any best practices on this?
> 
> I am running bind 9.11.4
> 
> thanks

You could think about adding fail2ban to your server with some custom rules. 
Helped us in a similar situation.

Kind regards,
David

Attachment: signature.asc
Description: This is a digitally signed message part.

-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to