[CentOS] probem with bind???

Sun Feb 22 19:00:41 UTC 2009
fabian dacunha <fabian at baladia.gov.kw>

Dear Robert,

Really apprecite your quick reply and thanks for the same..

it worked beautifully..
the badguys acl

now jus for my information if u can help me

by the way i had send a mail to the owners of the ips and they replied to
me saying that  they had a DDOS attack on thier server n its been stop 5
days ago .

now i wd like to know if it was really stopped wht were the  messages stating

was my server querying their server
or their server quering mine

since a rule in my firewall which blocked the below IP did not help


apprecite ur kind help

the messages in my logs are

Feb 22 21:45:36 kmdns1 named[2087]: client 62.109.4.89#24308: query
(cache) './NS/IN' denied
Feb 22 21:45:37 kmdns1 named[2087]: client 62.109.4.89#31958: query
(cache) './NS/IN' denied
Feb 22 21:45:38 kmdns1 named[2087]: client 62.109.4.89#29069: query
(cache) './NS/IN' denied
Feb 22 21:45:38 kmdns1 named[2087]: client 62.109.4.89#35868: query
(cache) './NS/IN' denied
Feb 22 21:45:39 kmdns1 named[2087]: client 62.109.4.89#26792: query
(cache) './NS/IN' denied

but moment i made the changes as sugessted by u in my named.conf the
messages stopped perfectly
Regards


Fabian




>
>> Feb 22 09:14:52 kmdns1 named[2087]: client 62.109.4.89#59870: query
>> (cache) './NS/IN' denied
>>
>> now in my firewall i tryied to block this ip but the messages
>> dont stop
>>
>> i also upgraded bind to version bind-9.3.4-6.0.3.P1.el5_2 but
>> no avail the problem still there
>>
>>
>> i jus like to know whts this problem and how could i solve it
>>
>> is there a problem with my DNS server
>>
>> thnks and regards
>>
>> apprecite your kind help
>>
>>
>> fabian
>
> fabian,
>
> you might try something like the bad-guys acl i setup a long time ago in
> named.conf
>
> change the ips as you see fit
>
>
>
> // Default named.conf generated by install of bind-9.2.4-2
> //
> // r.initials August 29 2005
> //
> acl     "bad-guys" {
>         201.114.231.0/24;
>         201.114.236.0/24;
> };
> logging {
>         category lame-servers { null; };
> };
> options {
>         version "Bind";
>         directory "/var/named";                 // working directory
>         listen-on { 127.0.0.1; redactedx.y.z.a; };
>         listen-on-v6 { none; };
>         allow-transfer { redactedx.y.z.a; redactedx.y.z.b;};
>         blackhole { "bad-guys"; };
>         dump-file "/var/named/data/cache_dump.db";
>         statistics-file "/var/named/data/named_stats.txt";
> //      pid-file "named.pid";                   // Put pid file in working
> dir
>         allow-query { any; };                   // This is the default
>         recursion yes; // Do provide recursive service ???? or not???
> };
> include "/etc/rndc.key";
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.