Dear All,
I am sorry for posting this query here, but I hope someone can help me out. I have been running CentOS 5 as my primary DNS and mail server with BIND 9.2.
Everything works fine, but in my /var/messages log I continuously see the messages below:
Feb 22 09:14:46 kmdns1 named[2087]: client 62.109.4.89#17222: query (cache) './NS/IN' denied
Feb 22 09:14:46 kmdns1 named[2087]: client 62.109.4.89#26398: query (cache) './NS/IN' denied
Feb 22 09:14:51 kmdns1 named[2087]: client 62.109.4.89#65326: query (cache) './NS/IN' denied
Feb 22 09:14:52 kmdns1 named[2087]: client 62.109.4.89#59870: query (cache) './NS/IN' denied
Now in my firewall I tried to block this IP, but the messages don't stop.
I also upgraded BIND to version bind-9.3.4-6.0.3.P1.el5_2, but to no avail; the problem is still there.
I would just like to know what this problem is and how I could solve it.
Is there a problem with my DNS server?
Thanks and regards,
I appreciate your kind help.
fabian
fabian,
You might try something like the bad-guys acl I set up a long time ago in named.conf.
Change the IPs as you see fit.
//
// Default named.conf generated by install of bind-9.2.4-2
//
// r.initials August 29 2005
//
acl "bad-guys" {
        201.114.231.0/24;
        201.114.236.0/24;
};

logging {
        category lame-servers { null; };
};

options {
        version "Bind";
        directory "/var/named";         // working directory
        listen-on { 127.0.0.1; redactedx.y.z.a; };
        listen-on-v6 { none; };
        allow-transfer { redactedx.y.z.a; redactedx.y.z.b; };
        blackhole { "bad-guys"; };
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        // pid-file "named.pid";        // Put pid file in working dir
        allow-query { any; };           // This is the default
        recursion yes;                  // Do provide recursive service ???? or not???
};

include "/etc/rndc.key";
Dear Robert,
I really appreciate your quick reply, and thanks for the same.
It worked beautifully, the badguys acl.
Now, just for my information, if you can help me:
By the way, I had sent a mail to the owners of the IPs and they replied to me saying that they had a DDoS attack on their server and it was stopped 5 days ago.
Now I would like to know, if it was really stopped, what were the messages stating?
Was my server querying their server, or their server querying mine?
Since a rule in my firewall which blocked the below IP did not help.
I appreciate your kind help.
The messages in my logs are:
Feb 22 21:45:36 kmdns1 named[2087]: client 62.109.4.89#24308: query (cache) './NS/IN' denied
Feb 22 21:45:37 kmdns1 named[2087]: client 62.109.4.89#31958: query (cache) './NS/IN' denied
Feb 22 21:45:38 kmdns1 named[2087]: client 62.109.4.89#29069: query (cache) './NS/IN' denied
Feb 22 21:45:38 kmdns1 named[2087]: client 62.109.4.89#35868: query (cache) './NS/IN' denied
Feb 22 21:45:39 kmdns1 named[2087]: client 62.109.4.89#26792: query (cache) './NS/IN' denied
But the moment I made the changes as suggested by you in my named.conf, the messages stopped perfectly.
Regards,
Fabian
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
fabian dacunha wrote:
> Dear Robert,
> I really appreciate your quick reply, and thanks for the same.
> It worked beautifully, the badguys acl.
> Now, just for my information, if you can help me:
> By the way, I had sent a mail to the owners of the IPs and they replied to me saying that they had a DDoS attack on their server and it was stopped 5 days ago.
> Now I would like to know, if it was really stopped, what were the messages stating?

A request to look up an NS record.

> Was my server querying their server, or their server querying mine?

You got a UDP packet from who knows where.

> Since a rule in my firewall which blocked the below IP did not help.

Huh? Then maybe there is something wrong with the rule. I basically just drop such packets on the floor.

> I appreciate your kind help.
> The messages in my logs are:
> Feb 22 21:45:36 kmdns1 named[2087]: client 62.109.4.89#24308: query (cache) './NS/IN' denied
> Feb 22 21:45:37 kmdns1 named[2087]: client 62.109.4.89#31958: query (cache) './NS/IN' denied
> Feb 22 21:45:38 kmdns1 named[2087]: client 62.109.4.89#29069: query (cache) './NS/IN' denied
> Feb 22 21:45:38 kmdns1 named[2087]: client 62.109.4.89#35868: query (cache) './NS/IN' denied
> Feb 22 21:45:39 kmdns1 named[2087]: client 62.109.4.89#26792: query (cache) './NS/IN' denied
> But the moment I made the changes as suggested by you in my named.conf, the messages stopped perfectly.

This just shows that your authoritative bind server was configured correctly. Congratulations!
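
The "denied" lines quoted in this thread can be triaged with a short script that groups them by client and renders an acl in the style of the bad-guys example. This is an added example, not part of any message above; the 192.0.2.10 log line, the function names and the `min_hits` threshold are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address

# Constructed sample in the log format quoted in this thread; the last
# line (192.0.2.10, a documentation address) is made up for contrast.
SAMPLE_LOG = """\
Feb 22 09:14:46 kmdns1 named[2087]: client 62.109.4.89#17222: query (cache) './NS/IN' denied
Feb 22 09:14:46 kmdns1 named[2087]: client 62.109.4.89#26398: query (cache) './NS/IN' denied
Feb 22 09:14:51 kmdns1 named[2087]: client 62.109.4.89#65326: query (cache) './NS/IN' denied
Feb 22 09:14:52 kmdns1 named[2087]: client 62.109.4.89#59870: query (cache) './NS/IN' denied
Feb 22 09:15:02 kmdns1 named[2087]: client 192.0.2.10#53111: query (cache) 'example.com/A/IN' denied
"""

DENIED = re.compile(
    r"named\[\d+\]: client (?P<ip>[^#\s]+)#(?P<port>\d+): "
    r"query \(cache\) '(?P<qname>[^']*)/(?P<qtype>[^/']+)/(?P<qclass>[^/']+)' denied"
)

def summarize(log_text):
    """Group denied cache queries by client: hit count, ports seen, questions."""
    stats = defaultdict(lambda: {"hits": 0, "ports": set(), "questions": Counter()})
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if not m:
            continue
        try:
            ip = str(ip_address(m["ip"]))  # only real addresses reach the acl
        except ValueError:
            continue
        entry = stats[ip]
        entry["hits"] += 1
        entry["ports"].add(int(m["port"]))
        entry["questions"][f"{m['qname']} {m['qtype']}"] += 1
    return dict(stats)

def root_ns_sources(stats, min_hits=3):
    """Clients that repeat the root NS question. With UDP the source address
    may be forged, so this names traffic to drop, not necessarily its sender."""
    return sorted(ip for ip, e in stats.items() if e["questions"][". NS"] >= min_hits)

def blackhole_acl(ips, name="bad-guys"):
    """Render the addresses as a named.conf acl for use in a blackhole clause."""
    body = "".join(f"    {ip};\n" for ip in ips)
    return f'acl "{name}" {{\n{body}}};\n'

if __name__ == "__main__":
    print(blackhole_acl(root_ns_sources(summarize(SAMPLE_LOG))))
```
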