On 7/8/2014 5:30 AM, Ruud Baart wrote:
> Good day,
>
> I have a problem in protecting one of our DNS servers (Debian, bind9).
> One of our DNS servers is attacked with cache queries. Our servers are
> protected the best way I can but this type of request is coming from
> everywhere and I can not find an effective way of stopping these queries.
>
> The queries look like these (tcpdump):
> 14:17:52.521563 IP 36.234.214.186.7824 > <my DNS server>.53: 47574+ A? kjaveb.sfbsodnssbsdbsdbsndbsidbdfwff.fsf.crayumm.com. (70)
> 14:17:52.522458 IP 72.37.49.70.49040 > <my DNS server>.53: 17713+ A? mdsfcn.sfbsodnssbsdbsdbsndbsidbdfwff.fsf.crayumm.com. (70)
> 14:17:52.523229 IP <my DNS server>.53 > 36.234.214.186.7824: 47574 Refused- 0/0/0 (70)
> 14:17:52.523313 IP <my DNS server>.53 > 72.37.49.70.49040: 17713 Refused- 0/0/0 (70)
>
> I can't find a pattern in the banned IP addresses: they don't belong to
> one or a few IP address blocks.
>
> So my question: is there a way to drop DNS query cache requests with
> shorewall without interfering with the intended DNS service?

Which Shorewall version are you running?

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
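The two queries in the quoted tcpdump output come from unrelated source addresses but share the same parent name and differ only in the leftmost label. As an added example (not part of the original thread, and not Shorewall or BIND code), this Python code groups tcpdump query lines by parent name to surface that pattern; the sample lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# tcpdump -n DNS query line: time IP src.port > dst.53: id+ [opts] TYPE? qname. (len)
QUERY = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > .+?\.53: "
    r"\d+\S* (?:\[[^\]]*\] )?(?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+) \(\d+\)$"
)

# Constructed sample (documentation addresses and .example names), not real traffic.
SAMPLE = """\
14:17:52.521563 IP 192.0.2.10.7824 > 198.51.100.53.53: 47574+ A? kjaveb.zz.fsf.flood.example. (58)
14:17:52.522458 IP 192.0.2.77.49040 > 198.51.100.53.53: 17713+ A? mdsfcn.zz.fsf.flood.example. (58)
14:17:52.523229 IP 198.51.100.53.53 > 192.0.2.10.7824: 47574 Refused- 0/0/0 (58)
14:17:52.530101 IP 203.0.113.5.5353 > 198.51.100.53.53: 1201+ A? www.example.org. (33)
14:17:52.531877 IP 192.0.2.140.1042 > 198.51.100.53.53: 9902+ A? qpwzrt.zz.fsf.flood.example. (58)
14:17:52.540333 IP 203.0.113.6.6000 > 198.51.100.53.53: 1202+ [1au] A? www.example.org. (44)
14:17:52.541020 IP 192.0.2.201.3377 > 198.51.100.53.53: 5110+ A? xlbnya.zz.fsf.flood.example. (58)
14:17:52.550000 IP 203.0.113.5.5354 > 198.51.100.53.53: 1203+ A? www.example.org. (33)
14:17:52.560000 IP 203.0.113.6.6001 > 198.51.100.53.53: 1204+ A? www.example.org. (33)
"""

def summarize(lines):
    """Group queries by the query name with its leftmost label removed."""
    stats = defaultdict(lambda: {"queries": 0, "sources": set(), "labels": set()})
    for line in lines:
        m = QUERY.match(line.strip())
        if not m:
            continue  # responses and non-DNS lines do not match
        label, _, parent = m["qname"].rstrip(".").lower().partition(".")
        if not parent:
            continue  # single-label name, nothing to group under
        entry = stats[parent]
        entry["queries"] += 1
        entry["sources"].add(m["src"])
        entry["labels"].add(label)
    return stats

def suspicious_parents(lines, min_queries=4, min_unique_ratio=0.9):
    """Parents whose queries almost never repeat a leftmost label."""
    return sorted(
        parent for parent, s in summarize(lines).items()
        if s["queries"] >= min_queries
        and len(s["labels"]) / s["queries"] >= min_unique_ratio
    )
```

On a real capture, feed it the output of `tcpdump -n` restricted to port 53 and raise `min_queries` well above the demonstration value.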