Re: [Pdns-users] [HELP REQUEST - protect PowerDNS] I have had a brutal mass-attack

Brielle Bruns Fri, 17 Jun 2011 10:45:09 -0700

To follow up, if you want to use fail2ban to block those types ofqueries automatically, here's a modified ruleset.


 in /etc/fail2ban/filter.d/pdns.conf:
======
[Definition]

failregex = pdns(?:\[\d{1,5}\])?: Not authoritative for '.*',.*sendingservfail to <HOST> \(recursion was desired\)

ignoreregex =
======

 jail.conf:

 ========
 [pdns-qdomain]
 enabled = true
 #port = domain,8053
 protocol = udp
 filter = pdns
 logpath = /var/log/daemon.log
 bantime = 259200
 maxretry = 2
 ========


Its pretty easy to make matching rules.


--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org    /     http://www.ahbl.org
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] [HELP REQUEST - protect PowerDNS] I have had a brutal mass-attack

Reply via email to