Dear Robert,
Really apprecite your quick reply and thanks for the same..
it worked beautifully..
the badguys acl
now jus for my information if u can help me
by the way i had send a mail to the owners of the ips and they replied to
me saying that they had a DDOS attack on thier server n its been stop 5
days ago .
now i wd like to know if it was really stopped wht were the messages stating
was my server querying their server
or their server quering mine
since a rule in my firewall which blocked the below IP did not help
apprecite ur kind help
the messages in my logs are
Feb 22 21:45:36 kmdns1 named[2087]: client 62.109.4.89#24308: query
(cache) './NS/IN' denied
Feb 22 21:45:37 kmdns1 named[2087]: client 62.109.4.89#31958: query
(cache) './NS/IN' denied
Feb 22 21:45:38 kmdns1 named[2087]: client 62.109.4.89#29069: query
(cache) './NS/IN' denied
Feb 22 21:45:38 kmdns1 named[2087]: client 62.109.4.89#35868: query
(cache) './NS/IN' denied
Feb 22 21:45:39 kmdns1 named[2087]: client 62.109.4.89#26792: query
(cache) './NS/IN' denied
but moment i made the changes as sugessted by u in my named.conf the
messages stopped perfectly
Regards
Fabian
>
>> Feb 22 09:14:52 kmdns1 named[2087]: client 62.109.4.89#59870: query
>> (cache) './NS/IN' denied
>>
>> now in my firewall i tryied to block this ip but the messages
>> dont stop
>>
>> i also upgraded bind to version bind-9.3.4-6.0.3.P1.el5_2 but
>> no avail the problem still there
>>
>>
>> i jus like to know whts this problem and how could i solve it
>>
>> is there a problem with my DNS server
>>
>> thnks and regards
>>
>> apprecite your kind help
>>
>>
>> fabian
>
> fabian,
>
> you might try something like the bad-guys acl i setup a long time ago in
> named.conf
>
> change the ips as you see fit
>
>
>
> // Default named.conf generated by install of bind-9.2.4-2
> //
> // r.initials August 29 2005
> //
> acl "bad-guys" {
> 201.114.231.0/24;
> 201.114.236.0/24;
> };
> logging {
> category lame-servers { null; };
> };
> options {
> version "Bind";
> directory "/var/named"; // working directory
> listen-on { 127.0.0.1; redactedx.y.z.a; };
> listen-on-v6 { none; };
> allow-transfer { redactedx.y.z.a; redactedx.y.z.b;};
> blackhole { "bad-guys"; };
> dump-file "/var/named/data/cache_dump.db";
> statistics-file "/var/named/data/named_stats.txt";
> // pid-file "named.pid"; // Put pid file in working
> dir
> allow-query { any; }; // This is the default
> recursion yes; // Do provide recursive service ???? or not???
> };
> include "/etc/rndc.key";
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
