Re: lame-servers: error (FORMERR) resolving [something]

2013-01-14 Thread Leonard Mills
Packet dumps at your edge would likely be helpful to your diagnosis. At your firewall (or other edge appliance) you are seeing successful UDP from a high port on your system (DNS client) to port 53 on the server and a reply in the opposite direction.  You are not seeing success from an external

Re: How to Limit DNS Request per ip source ?

2013-01-14 Thread Beavis
Just put an ACL filter on your bind config for recursive queries. This will make your DNS less susceptible to flash-crowd-type attacks. Cisco has a short document about this: http://www.cisco.com/web/about/security/intelligence/dns-bcp.html Just check out the BIND-centric info; discard the rest.

Re: How to Limit DNS Request per ip source ?

2013-01-14 Thread Stephane Bortzmeyer
On Mon, Jan 14, 2013 at 06:36:44PM +0530, Gaurav Kansal wrote a message of 156 lines which said: > I tried the following commands, but unfortunately didn't succeed. Why do you want to limit? If it is against a DoS attack, I warn you that most Netfilter modules (for instance, "state") require

How to Limit DNS Request per ip source ?

2013-01-14 Thread Gaurav Kansal
Dear All, I want to limit the dns request per ip source through iptables. I tried the following commands, but unfortunately didn't succeed. -A RH-Firewall-1-INPUT -m udp -p udp --dport 53 -m state --state NEW -m recent --set --name DNSQF --rsource -A RH-Firewall-1-INPUT -m udp -p udp

Re: lame-servers: error (FORMERR) resolving [something]

2013-01-14 Thread Shane Kerr
Daniele, It may be a simple case of your firewall not allowing any DNS queries that do not request recursion. Difficult to know. You may want to try: dig +trace www.isc.org This will follow the referrals from the root, and you can verify that this works. The next step may be to try: dig +trac

Re: lame-servers: error (FORMERR) resolving [something]

2013-01-14 Thread Daniele
What tests should I do? If I query an external name server directly (one of the root ones, or 8.8.8.8 for example), I receive the correct response. For this reason I'm inclined to think that the router doesn't block packets to/from port 53. Why should it block packets generated by BIND9? 2013/1/12