[ale] Fwd: Under Attack, my dns servers

Lightner, Jeff JLightner at dsservices.com
Mon Oct 6 15:36:36 EDT 2014


Just posted named.conf entry examples in response to an earlier post.

What you have looks OK to me, but I don't use "-" in my ACL names. Since "-" is valid for zone file names in named.conf, it is probably OK for ACL names; I mention it only because it is the one noticeable difference that stood out to me in what you wrote.



-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Horkan Smith
Sent: Monday, October 06, 2014 3:16 PM
To: Atlanta Linux Enthusiasts
Subject: Re: [ale] Fwd: Under Attack, my dns servers

Can you share the lines where you control access (including recursion)? In my case, they look like:

named.conf.options:
        allow-transfer { home-nets; domain-backups; };
        allow-recursion { home-nets; domain-backups; };
        allow-query { home-nets; domain-backups; };

Where home-nets and domain-backups are defined as ACLs.

later!
   horkan


On Mon, Oct 06, 2014 at 12:03:39PM -0400, Chuck Payne wrote:
> Guys,
>
> I am under attack where my DNS server is being used to do a DDoS
> attack. I believe it's a botnet, because the IPs are too random. I
> don't think the domain I am seeing in my BIND log is real:
>
> fkfkfkfz.guru
>
> 06-Oct-2014 11:23:28.146 client 92.222.9.179#49643: query:
> fkfkfkfz.guru IN ANY +E (50.192.59.225)
> 06-Oct-2014 11:23:28.146 client 92.222.9.179#49643: query (cache)
> 'fkfkfkfz.guru/ANY/IN' denied
> 06-Oct-2014 11:23:28.146 client 92.222.9.179#49643: drop REFUSED
> response to 92.222.9.0/24
>
> I have turned on recursion, but now people can't find my domains any more.
> I have also tried to limit the rate as well:
>
>   rate-limit {
>                 responses-per-second 25;
>                 window 5;
>         };
>
>
> I am running Debian and openSUSE.
>
> Is there anything I can do to stop them and make it so people can find my
> domains? I don't want to have to pay for something I can do and have control over.
>
> --
> Terror PUP a.k.a
> Chuck "PUP" Payne
>
> 678 636 9678
> -----------------------------------------
> Discover it! Enjoy it! Share it! openSUSE Linux.
> -----------------------------------------
> openSUSE -- Terrorpup
> openSUSE Ambassador/openSUSE Member
> skype,twitter,identica,friendfeed -- terrorpup
> freenode(irc) --terrorpup/lupinstein
> Register Linux Userid: 155363
>
> Have you tried SUSE Studio? Need to create a Live CD, an app you want
> to package and distribute, or create your own Linux distro? Give SUSE
> Studio a try.
>

> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo


--
Horkan Smith
678-777-3263 cell, ale at horkan.net
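
An added example, not part of any message in this thread: a small Python triage script for BIND query logs in the format quoted above. It reports names receiving ANY queries from several distinct client networks, grouped by /24 as in the "drop REFUSED response to 92.222.9.0/24" line. The sample log lines, addresses and names are constructed, and the /56 IPv6 grouping and the `min_networks` threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in the query-log format quoted in the thread
# (documentation address ranges and made-up names, one log entry per line).
SAMPLE_LOG = """\
06-Oct-2014 11:23:28.146 client 192.0.2.17#49643: query: flood.example IN ANY +E (203.0.113.53)
06-Oct-2014 11:23:28.150 client 192.0.2.17#49643: query (cache) 'flood.example/ANY/IN' denied
06-Oct-2014 11:23:28.201 client 198.51.100.9#1234: query: flood.example IN ANY +E (203.0.113.53)
06-Oct-2014 11:23:28.350 client 198.51.100.77#4021: query: flood.example IN ANY +E (203.0.113.53)
06-Oct-2014 11:23:28.412 client 203.0.113.200#5353: query: flood.example IN ANY +E (203.0.113.53)
06-Oct-2014 11:23:29.020 client 192.0.2.80#40000: query: www.example.org IN A + (203.0.113.53)
06-Oct-2014 11:23:29.500 client 192.0.2.81#40001: query: www.example.org IN ANY + (203.0.113.53)
"""

# Matches only "query:" entries; "query (cache) ... denied" entries are skipped.
QUERY_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: "
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) "
)

def parse_queries(text):
    """Yield (client_ip, qname, qtype) for every query line in the log text."""
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            qname = m["qname"].lower().rstrip(".") or "."  # keep the root name
            yield ipaddress.ip_address(m["ip"]), qname, m["qtype"].upper()

def any_query_report(text, min_networks=3):
    """Names hit by ANY queries from at least min_networks client networks."""
    hits = defaultdict(lambda: {"queries": 0, "networks": set()})
    for ip, qname, qtype in parse_queries(text):
        if qtype != "ANY":
            continue
        prefix = 24 if ip.version == 4 else 56  # assumed grouping widths
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        hits[qname]["queries"] += 1
        hits[qname]["networks"].add(str(net))
    return {q: {"queries": h["queries"], "networks": sorted(h["networks"])}
            for q, h in hits.items() if len(h["networks"]) >= min_networks}

if __name__ == "__main__":
    for qname, info in any_query_report(SAMPLE_LOG).items():
        print(f"{qname}: {info['queries']} ANY queries "
              f"from {len(info['networks'])} networks")
```

A single client asking ANY once, like the `www.example.org` line in the sample, stays below the threshold and is not reported.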