On 03/08/2022 19:08, Mark Milhollan wrote:
> On Tue, 2 Aug 2022, Robert Moskowitz wrote:
>
>> I just, maybe, figured out why I have been having problems with my
>> CentOS DNS server with BIND 9.11.4.
>>
>> Aug 2 15:47:19 onlo named[6155]: client @0xaa3cad80 114.29.194.4#11205 (.): view external: query (cache) './A/IN' denied
>> Aug 2 15:47:19 onlo named[6155]: client @0xaa3cad80 114.29.216.196#64956 (.): view external: query (cache) './A/IN' denied
>> Aug 2 15:47:19 onlo named[6155]: client @0xaa3cad80 64.68.114.141#39466 (.): view external: query (cache) './A/IN' denied
>> Aug 2 15:47:19 onlo named[6155]: client @0xaa3cad80 209.197.198.45#13280 (.): view external: query (cache) './A/IN' denied
>> Aug 2 15:47:19 onlo named[6155]: client @0xaa3cad80 114.29.202.117#41955 (.): view external: query (cache) './A/IN' denied
>> Aug 2 15:47:19 onlo named[6155]: client @0xaa3cad80 62.109.204.22#4406 (.): view external: query (cache) './A/IN' denied
>> Aug 2 15:47:49 onlo named[6155]: client @0xa9420720 64.68.104.9#38518 (.): view external: query (cache) './A/IN' denied
>> Aug 2 15:47:50 onlo named[6155]: client @0xaa882dc8 114.29.202.117#9584 (.): view external: query (cache) './A/IN' denied
>
> Usually that's someone hoping to use you in a reflection attack, which
> is successful since UDP can be forged but it hasn't got the volume it
> might if you answered differently (with a referral). Sometimes it is a
> policy denial attack, hoping you will block the apparent source thus
> denying it service.
>
> The only way to stop it is for all others to employ BCP 38 which will
> likely never happen, or for you to stop allowing outside use of your
> nameserver which means having someone else handle DNS for you (which
> just seems to stop it, from your perspective).
>
> It shouldn't cause problems unless your server is vastly underpowered.
> What problems are you experiencing?

Enabling rate limiting in BIND can help.
https://kb.isc.org/docs/aa-00994
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
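
Added example, not part of the original thread: a small Python summarizer for `named` "denied" lines in the format quoted above, showing how many times each question was refused and from how many distinct addresses. The sample lines are constructed (documentation address ranges, hypothetical host `ns1`); because the source addresses in this traffic can be forged, the counts describe the query pattern and are not a list of addresses to block.

```python
import re
from collections import Counter, defaultdict

# named "query (cache) ... denied" syslog line, in the format quoted in the thread.
DENIED = re.compile(
    r"named\[\d+\]: client (?:@0x[0-9a-f]+ )?"
    r"(?P<src>[0-9A-Fa-f.:]+)#\d+ \([^)]*\): "
    r"(?:view (?P<view>\S+): )?"
    r"query \(cache\) '(?P<question>[^']+)' denied"
)

# Constructed sample lines (documentation address ranges, hypothetical host "ns1").
SAMPLE = """\
Aug  2 15:47:19 ns1 named[6155]: client @0xaa3cad80 192.0.2.10#11205 (.): view external: query (cache) './A/IN' denied
Aug  2 15:47:19 ns1 named[6155]: client @0xaa3cad80 198.51.100.7#64956 (.): view external: query (cache) './A/IN' denied
Aug  2 15:47:20 ns1 named[6155]: client @0xaa3cad80 203.0.113.5#39466 (.): view external: query (cache) './A/IN' denied
Aug  2 15:47:21 ns1 named[6155]: client @0xaa3cad80 192.0.2.10#4406 (.): view external: query (cache) './A/IN' denied
Aug  2 15:47:22 ns1 named[6155]: client 2001:db8::1#5353 (example.org): query (cache) 'example.org/ANY/IN' denied
Aug  2 15:47:23 ns1 named[6155]: zone example.com/IN: loaded serial 2022080201
""".splitlines()

def summarize(lines):
    """Map (view, question) -> Counter of source addresses that were denied."""
    per_question = defaultdict(Counter)
    for line in lines:
        m = DENIED.search(line)
        if m:  # anything else in the log is ignored
            per_question[(m["view"] or "-", m["question"])][m["src"]] += 1
    return per_question

def spread(per_question, min_sources=3):
    """(question, hits, distinct sources) for widely spread questions, busiest first."""
    rows = [(q, sum(c.values()), len(c))
            for q, c in per_question.items() if len(c) >= min_sources]
    return sorted(rows, key=lambda row: row[1], reverse=True)

if __name__ == "__main__":
    for (view, question), hits, sources in spread(summarize(SAMPLE)):
        print(f"view={view} question={question} denied={hits} distinct_sources={sources}")
```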