Re: [Pdns-users] dns flood problem
Is your dns server directly exposed to internet and not behind firewall? If it is behind firewall I would recommend enable IPS with dns signatures. On 1 Jun 2013 19:04, Steffan Noord steffanno...@gmail.com wrote: Hello list, Last night my server crashed with a high traffic load 100 mb/s When i stop pdns the server is working fine When i start pdns the server is going to 100 mbit incomming traffic Im running pdns-static.i386 3.1-1 all other dns servers running the same config is running fine any idees where to look. Looks like the dns server is under attack Thanks Steffan ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] dns flood problem
Last weekend i had a DNS attack Is there some kind of IDS i can install in front of the pdns installation ? Thanxs for any advice on this. -Oorspronkelijk bericht- Van: Steffan Noord [mailto:steffanno...@gmail.com] Verzonden: zaterdag 1 juni 2013 15:33 Aan: pdns-users@mailman.powerdns.com Onderwerp: dns flood problem Hello list, Last night my server crashed with a high traffic load 100 mb/s When i stop pdns the server is working fine When i start pdns the server is going to 100 mbit incomming traffic Im running pdns-static.i386 3.1-1 all other dns servers running the same config is running fine any idees where to look. Looks like the dns server is under attack Thanks Steffan ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] dns flood problem
On 3/6/2013 11:48 πμ, Steffan Noord wrote: Last weekend i had a DNS attack Is there some kind of IDS i can install in front of the pdns installation ? Thanxs for any advice on this. Start from fail2ban. Easy to setup and very effective. Regards, Nick ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] dns flood problem
Hello Nick, Do you want to share your config with me. Wat are dns queries that we want to block ? Im starting the logs of pdns on a higher level I see some of these errors Received a malformed qdomain from 194.xx.xx.xx, 'error(2):\032Connection\032to\032service\032failed.xxx.com': sending servfail -Oorspronkelijk bericht- Van: Nikolaos Milas [mailto:nmi...@admin.noa.gr] Verzonden: maandag 3 juni 2013 11:25 Aan: Steffan Noord CC: pdns-users@mailman.powerdns.com Onderwerp: Re: [Pdns-users] dns flood problem On 3/6/2013 11:48 πμ, Steffan Noord wrote: Last weekend i had a DNS attack Is there some kind of IDS i can install in front of the pdns installation ? Thanxs for any advice on this. Start from fail2ban. Easy to setup and very effective. Regards, Nick ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] dns flood problem
On 3/6/2013 1:10 μμ, Steffan Noord wrote: Hello Nick, Do you want to share your config with me. Wat are dns queries that we want to block ? Im starting the logs of pdns on a higher level I see some of these errors Received a malformed qdomain from 194.xx.xx.xx, 'error(2):\032Connection\032to\032service\032failed.xxx.com': sending servfail Try: http://wiki.sosdg.org/software:fail2ban:bad-qdomain Nick ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
