fabian dacunha wrote:
Dear Robert,
Really apprecite your quick reply and thanks for the same..
it worked beautifully.. the badguys acl
now jus for my information if u can help me
by the way i had send a mail to the owners of the ips and they replied to me saying that they had a DDOS attack on thier server n its been stop 5 days ago .
now i wd like to know if it was really stopped wht were the messages stating
A request to look up a ns record
was my server querying their server or their server quering mine
You got a udp packet from who knows where.
since a rule in my firewall which blocked the below IP did not help
Huh? Then maybe there is something wrong with the rule. I basically just drop such packets on the floor.
apprecite ur kind help
the messages in my logs are
Feb 22 21:45:36 kmdns1 named[2087]: client 62.109.4.89#24308: query (cache) './NS/IN' denied Feb 22 21:45:37 kmdns1 named[2087]: client 62.109.4.89#31958: query (cache) './NS/IN' denied Feb 22 21:45:38 kmdns1 named[2087]: client 62.109.4.89#29069: query (cache) './NS/IN' denied Feb 22 21:45:38 kmdns1 named[2087]: client 62.109.4.89#35868: query (cache) './NS/IN' denied Feb 22 21:45:39 kmdns1 named[2087]: client 62.109.4.89#26792: query (cache) './NS/IN' denied
but moment i made the changes as sugessted by u in my named.conf the messages stopped perfectly
This just shows that your authoritative bind server was configured correctly. Congratulations!