Re: limiting number of recursion/queries per IP address
This is not good idea to use statefull firewall on heavy loaded DNS server. firewall becomes low place in the system. As workaround you can use dns_flood_detector + simple script to insert and remove IP's from firewall blocking table or chain. 27.10.2010 23:26, Sebastian Tymków пишет: In FreeBSD you can use pf to limit connections using tables and setting up rate limit. http://forums.freebsd.org/showthread.php?t=1727 Best regards, Shamrock On Tue, Oct 26, 2010 at 9:29 PM, Kebba Foon kebba.f...@qcell.gm mailto:kebba.f...@qcell.gm wrote: On Tue, 2010-10-26 at 15:22 -0400, Todd Snyder wrote: What version of bind, on what OS? I use Debian 5.0 with bind 9.6-ESV-R1 but also i thought that the OS might have some security holes so i try FreeBSD 8.1 with BIND 9.7.1 but still have ihave the same problems. here may be some things you can do with iptables to limit connections http://www.debian-administration.org/articles/187 i will just look into these but it done thing iptables will be the ideal solution. I don't recall seeing anything native to BIND that would allow for limits per src. t. -Original Message- From: bind-users-bounces+tsnyder=rim.com http://rim.com@lists.isc.org http://lists.isc.org [mailto:bind-users-bounces+tsnyder mailto:bind-users-bounces%2Btsnyder=rim.com http://rim.com@lists.isc.org http://lists.isc.org] On Behalf Of Kebba Foon Sent: Tuesday, October 26, 2010 2:27 PM To: bind-users@lists.isc.org mailto:bind-users@lists.isc.org Subject: limiting number of recursion/queries per IP address Dear List, Is is possible to limit the number of recursion/queries per IP address. there is some kind of virus thats bombarding my dns servers with a lot of queries, i realize that when ever the total number of recursion clients reach 1000 dns resolution stop working. i have increase the recursive-clients to 1 but still these those not help. and also i have increase the number of max open files on my OS which at one point was complaining about too many open files. can someone please direct me to how best to solve this problem its some kind of DDOS. Thanks Kebba ___ bind-users mailing list bind-users@lists.isc.org mailto:bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users - This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful. ___ bind-users mailing list bind-users@lists.isc.org mailto:bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Рыбин Дмитрий Эксперт по аварийному восстановлению сервисов Отдел систем ШПД Департамент ИТ- инфраструктуры Группа компаний Вымпелком Tel: +7(495) 7871000 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: limiting number of recursion/queries per IP address
In FreeBSD you can use pf to limit connections using tables and setting up rate limit. http://forums.freebsd.org/showthread.php?t=1727 Best regards, Shamrock On Tue, Oct 26, 2010 at 9:29 PM, Kebba Foon kebba.f...@qcell.gm wrote: On Tue, 2010-10-26 at 15:22 -0400, Todd Snyder wrote: What version of bind, on what OS? I use Debian 5.0 with bind 9.6-ESV-R1 but also i thought that the OS might have some security holes so i try FreeBSD 8.1 with BIND 9.7.1 but still have ihave the same problems. here may be some things you can do with iptables to limit connections http://www.debian-administration.org/articles/187 i will just look into these but it done thing iptables will be the ideal solution. I don't recall seeing anything native to BIND that would allow for limits per src. t. -Original Message- From: bind-users-bounces+tsnyder=rim@lists.isc.org [mailto: bind-users-bounces+tsnyder bind-users-bounces%2Btsnyder=rim.com@ lists.isc.org] On Behalf Of Kebba Foon Sent: Tuesday, October 26, 2010 2:27 PM To: bind-users@lists.isc.org Subject: limiting number of recursion/queries per IP address Dear List, Is is possible to limit the number of recursion/queries per IP address. there is some kind of virus thats bombarding my dns servers with a lot of queries, i realize that when ever the total number of recursion clients reach 1000 dns resolution stop working. i have increase the recursive-clients to 1 but still these those not help. and also i have increase the number of max open files on my OS which at one point was complaining about too many open files. can someone please direct me to how best to solve this problem its some kind of DDOS. Thanks Kebba ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users - This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: limiting number of recursion/queries per IP address
What version of bind, on what OS? There may be some things you can do with iptables to limit connections http://www.debian-administration.org/articles/187 I don't recall seeing anything native to BIND that would allow for limits per src. t. -Original Message- From: bind-users-bounces+tsnyder=rim@lists.isc.org [mailto:bind-users-bounces+tsnyder=rim@lists.isc.org] On Behalf Of Kebba Foon Sent: Tuesday, October 26, 2010 2:27 PM To: bind-users@lists.isc.org Subject: limiting number of recursion/queries per IP address Dear List, Is is possible to limit the number of recursion/queries per IP address. there is some kind of virus thats bombarding my dns servers with a lot of queries, i realize that when ever the total number of recursion clients reach 1000 dns resolution stop working. i have increase the recursive-clients to 1 but still these those not help. and also i have increase the number of max open files on my OS which at one point was complaining about too many open files. can someone please direct me to how best to solve this problem its some kind of DDOS. Thanks Kebba ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users - This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: limiting number of recursion/queries per IP address
On Tue, 2010-10-26 at 15:22 -0400, Todd Snyder wrote: What version of bind, on what OS? I use Debian 5.0 with bind 9.6-ESV-R1 but also i thought that the OS might have some security holes so i try FreeBSD 8.1 with BIND 9.7.1 but still have ihave the same problems. here may be some things you can do with iptables to limit connections http://www.debian-administration.org/articles/187 i will just look into these but it done thing iptables will be the ideal solution. I don't recall seeing anything native to BIND that would allow for limits per src. t. -Original Message- From: bind-users-bounces+tsnyder=rim@lists.isc.org [mailto:bind-users-bounces+tsnyder=rim@lists.isc.org] On Behalf Of Kebba Foon Sent: Tuesday, October 26, 2010 2:27 PM To: bind-users@lists.isc.org Subject: limiting number of recursion/queries per IP address Dear List, Is is possible to limit the number of recursion/queries per IP address. there is some kind of virus thats bombarding my dns servers with a lot of queries, i realize that when ever the total number of recursion clients reach 1000 dns resolution stop working. i have increase the recursive-clients to 1 but still these those not help. and also i have increase the number of max open files on my OS which at one point was complaining about too many open files. can someone please direct me to how best to solve this problem its some kind of DDOS. Thanks Kebba ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users - This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: limiting number of recursion/queries per IP address
iptables is available in most Linux distros and it is definitely better to block things there than in BIND itself. I don't know that BIND has a rate limiter. It DOES have a blacklist option where you can completely block a site's access to it but as noted above it is better to do it in iptables or firewall because then it never gets to BIND in the first place. -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Kebba Foon Sent: Tuesday, October 26, 2010 3:29 PM To: bind-users@lists.isc.org Subject: RE: limiting number of recursion/queries per IP address On Tue, 2010-10-26 at 15:22 -0400, Todd Snyder wrote: What version of bind, on what OS? I use Debian 5.0 with bind 9.6-ESV-R1 but also i thought that the OS might have some security holes so i try FreeBSD 8.1 with BIND 9.7.1 but still have ihave the same problems. here may be some things you can do with iptables to limit connections http://www.debian-administration.org/articles/187 i will just look into these but it done thing iptables will be the ideal solution. I don't recall seeing anything native to BIND that would allow for limits per src. t. -Original Message- From: bind-users-bounces+tsnyder=rim@lists.isc.org [mailto:bind-users-bounces+tsnyder=rim@lists.isc.org] On Behalf Of Kebba Foon Sent: Tuesday, October 26, 2010 2:27 PM To: bind-users@lists.isc.org Subject: limiting number of recursion/queries per IP address Dear List, Is is possible to limit the number of recursion/queries per IP address. there is some kind of virus thats bombarding my dns servers with a lot of queries, i realize that when ever the total number of recursion clients reach 1000 dns resolution stop working. i have increase the recursive-clients to 1 but still these those not help. and also i have increase the number of max open files on my OS which at one point was complaining about too many open files. can someone please direct me to how best to solve this problem its some kind of DDOS. Thanks Kebba ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users - This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users Proud partner. Susan G. Komen for the Cure. Please consider our environment before printing this e-mail or attachments. -- CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you. -- ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users