DDOS attack Bind 9.9 - P2
I have isc.org attack."* isc.org internet *?".* It comes from my own clients that I have allowed in my ACL. the question is how to stop this attack? this causes my traffic on the interface is intense and also up my cpu percentage. that I can do to prevent it?? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
I'm having thousands of queries a domain isc.org and this increases my cpu percentage to 100%. That may be happening and how I can control this? is an attack? attachment of the log I made an update to
190.34.55.70 -> 201.224.83.242 DNS C isc.org. Internet * ? 190.33.3.27 -> 201.224.83.242 DNS C isc.org. Internet * ? 190.32.57.243 -> 201.224.83.242 DNS C isc.org. Internet * ? 201.224.149.40 -> 201.224.83.242 DNS C isc.org. Internet * ? 190.35.22.44 -> 201.224.83.242 DNS C isc.org. Internet * ? 186.73.76.87 -> 201.224.83.242 DNS C isc.org. Internet * ? 190.34.44.109 -> 201.224.83.242 DNS C isc.org. Internet * ? 190.32.56.118 -> 201.224.83.242 DNS C isc.org. Internet * ? 190.34.27.201 -> 201.224.83.242 DNS C isc.org. Internet * ? 201.224.115.26 -> 201.224.83.242 DNS C isc.org. Internet * ? 190.32.165.139 -> 201.224.83.242 DNS C isc.org. Internet * ? 190.33.231.148 -> 201.224.83.242 DNS C isc.org. Internet * ? 190.35.84.29 -> 201.224.83.242 DNS C isc.org. Internet * ? Thanks a lot! JM ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re:
thanks chuck, about the other question, as to reduce the response time of my server when the domain does not exist? Thanks a lot! JM 2012/11/29 Chuck Swiger > Hi-- > > On Nov 29, 2012, at 3:00 PM, Jose Manuel Delgado G. wrote: > > I have the following problem in resolving my DNS using Bind 9, sends me > an error connection time out, no servers Could be reached. that way I can > avoid giving these errors and how I can reduce the time of the response? > > > > this example with my server and public google dns server. > > > > # dig @8.8.8.8 videolinedvd.com > [ ... ] > > You've got two nameservers for the domain per WHOIS as: > >Domain servers in listed order: > NS1.VIDEOLINEDVD.COM > NS2.VIDEOLINEDVD.COM > > ...but they don't have A records setup. Your nameservers must have A > records: > > % dig NS1.VIDEOLINEDVD.COM @8.8.8.8 > [ ... ] > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 36700 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;NS1.VIDEOLINEDVD.COM. IN A > > See http://www.dnsvalidation.com/reports/50b7e96a7d79ee480a04 > > Regards, > -- > -Chuck > > ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
repeated several times request
Bind 9.9.1-P2 I have installed on a server with Solaris 10, when a client makes a query, this is repeated several times and it comes with the domain installed in the client machine. 172.25.3.5 -> 172.25.3.11 DNS C samsungvuieventlog.vlingo.com. Internet ? 172.25.3.11 -> 172.25.3.5 DNS R Error: 3(Name Error) 172.25.3.5 -> 172.25.3.11 DNS C samsungvuieventlog.vlingo.com.* cwpanama.com*. Internet ? 172.25.3.11 -> 172.25.3.5 DNS R Error: 3(Name Error) 172.25.3.5 -> 172.25.3.11 DNS C samsungvuieventlog.vlingo.com. Internet Addr ? 172.25.3.11 -> 172.25.3.5 DNS R Error: 3(Name Error) 172.25.3.5 -> 172.25.3.11 DNS C samsungvuieventlog.vlingo.com.* cwpanama.com*. Internet Addr ? 172.25.3.11 -> 172.25.3.5 DNS R Error: 3(Name Error) also happened with earlier versions of Bind Thanks a lot! JM ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
