Hello guys,
I see, my server is authoritative for some internal domain, so I will try
Allow-query. Thank you.
But the attack is from my allowed IP addresses so I can't block the entire zone.
I tried NXDOMAINS-PER-SECOND, but the server is not giving an nxdomain response but
servfail.
How about
Hi,
No, I have an access list that allows only our ISP zones.
BR, Nyamka
From: m...@at.encryp.ch
Sent: Tuesday, March 28, 2023 3:40 PM
To: Nyamkhand Buluukhuu ; bind-users@lists.isc.org
Subject: Re: Bind dns amplification attack
Are you an open recursor
Hello,
We are having slowly increasing dns requests from our customer zones all asking
mXX.krebson.ru. I think this is a DNS amplification attack.
The source zones/IP addresses are different but are sending the same requests, like
below.
Most of them are rate
-directory.
auto-dnssec maintain;
This is for automated key management. With this option enabled, named will
periodically check whether there are new keys available or expired keys, and manage
the DNSKEY records. It's very helpful when you renew your keys.
Have a nice day :)
BR, NYAMKHAND
Hi,
Yeah, on both.
I didn't configure to filter records, is it necessary?
Have a nice day :)
BR, NYAMKHAND Buluukhuu
Engineer
TPD/ETSD
UNESCO street - 28, MPM Complex
Ulaanbaatar -14220, Mongolia
Mobile: (976) 94081017
Web: www.mobicom.mn<http://www.newcom.mn/>
Before you
to do with IPv6 records. I can't query PTR and some other
records too
Have a nice day :)
BR, NYAMKHAND Buluukhuu
et.mn. IN
;; AUTHORITY SECTION:
mobinet.mn. 3600 IN SOA mdns.mobinet.mn. administrator.mobinet.mn. 2020080309
10800 3600 1209600 38400
;; Query time: 1 msec
;; SERVER: 2407:6400:0:400::12#53(2407:6400:0:400::12)
;; WHEN: Tue Sep 15 08:43:46 +08 2020
;; MSG SIZE rcvd: 122
Have a nice day :)
B
Ah, I see,
the cache on the resolver is out of date?
I restarted the named but it's still the same.
I restarted named on authoritative /mdns.mobinet.mn/ too.
Have a nice day :)
BR, NYAMKHAND Buluukhuu
n query from authoritative servers, I
get answers.
Also, when I use OpenDNS, I get answers normally.
I'm stuck here, any advice is appreciated.
Thanks :)
Have a nice day :)
BR, NYAMKHAND Buluukhuu
Hi,
You can see what is happening in debug mode.
Start your named with the -g option,
e.g.: /usr/sbin/named -g
Have a nice day :)
BR, NYAMKHAND Buluukhuu
From: bind-users on behalf of Adrian van
Bloois
Sent: Thursday, July 9, 2020 6:08 PM
To: BIND 9 mailinglist
Hello,
listen-on-v6 port 53 {};
You can try it like above.
Then, after restarting named, check the result of the 'netstat -ltnp' command to see
if the v6 address is listening.
Have a nice day :)
BR, NYAMKHAND Buluukhuu
From: bind-users on behalf of Duleep
Thilakarathne
Hi Ged,
That's a very useful detailed explanation.
Thank you very much.
I think, after some backup, I will run make install from the new source.
Have a nice day :)
BR, NYAMKHAND Buluukhuu
}${mandir}/man1/isc-config.sh.1
rm -f ${DESTDIR}${bindir}/bind9-config
rm -f ${DESTDIR}${bindir}/isc-config.sh
So I guess, I can run "make uninstall".
Thanks.
Have a nice day :)
BR, NYAMKHAND Buluukhuu
a newer version with a different prefix and make a link?
Which one is the safest way? If make uninstall doesn't work, how do you guys
upgrade your compiled bind?
I appreciate any suggestions.
Thank you.
Have a nice day :)
BR, NYAMKHAND Buluukhuu
14 matches