Why would I want to allow Bind to allow recursive queries in my situation?

Tony Toews ttoews at telusplanet.net
Thu Dec 15 02:33:17 UTC 2005


Tony Toews <ttoews at telusplanet.net> wrote:

>I'm running Bind 9.3.1 to provide DNS services for a few very low traffic domains
>hosted on the same webserver.  10 K page views per day at the most.

Let me be somewhat more open.  <smile>

My web server is being used for "recursive dns dos attack" according to my upstream
ISP.   I've been doing a lot of research and some reconfiguring.  I've set up the
following in the named.conf file.   However there are still some very suspicious log
entries.

Note that evergreeneco.com is not one of my domains.

Tony

========================================================
log file

14-Dec-2005 14:50:59.657 client 63.251.136.100#4208: query: evergreeneco.com IN MX -
14-Dec-2005 14:51:04.454 client 63.251.136.155#33848: query: evergreeneco.com IN MX -E
14-Dec-2005 14:51:04.516 client 63.251.136.155#33848: query: evergreeneco.com IN MX -E
14-Dec-2005 14:51:04.595 client 63.251.136.100#4208: query: evergreeneco.com IN MX -
14-Dec-2005 14:51:04.657 client 63.251.136.100#4208: query: evergreeneco.com IN MX -
14-Dec-2005 14:51:04.735 client 63.251.136.100#4208: query: evergreeneco.com IN MX -
14-Dec-2005 14:51:04.798 client 63.251.136.100#4208: query: evergreeneco.com IN MX -

===========================================================
named.conf file

acl mynameservers {localhost;};
/* acl myrecursers {any;}; */

options
{
    directory "C:\serversw\bind\etc";
    allow-transfer {mynameservers;};
    recursion no;
    additional-from-auth no; 
    additional-from-cache no; 
    version "";
};

/* remove/add the comment delimiters below to activate/deactivate logging */

logging
{
 channel my_file {file "C:\Data\logs\bind dns\dns.log"; severity debug; print-time yes; };
 category default {my_file;};
 category queries {my_file;};
 category lame-servers { null;};
};


zone "." {type hint; file "db.cache"; };
zone "one of the domains on my server"    {type master; file "one of the domains on my server";    };
-- 
Tony Toews, Microsoft Access MVP
   Please respond only in the newsgroups so that others can 
read the entire thread of messages.
   Microsoft Access Links, Hints, Tips & Accounting Systems at 
http://www.granite.ab.ca/accsmstr.htm
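
An added example, not part of the original post: a short script that tallies query-log lines for names outside the zones a server hosts, grouped by client, which is the pattern in the log excerpt above. The hosted zone `example.org`, the function names and the last two sample log lines are assumptions made for illustration.

```python
import re
from collections import Counter

# First three lines follow the excerpt in the post (wrapped lines rejoined);
# the last two lines are constructed for this example.
SAMPLE_LOG = """\
14-Dec-2005 14:50:59.657 client 63.251.136.100#4208: query: evergreeneco.com IN MX -
14-Dec-2005 14:51:04.454 client 63.251.136.155#33848: query: evergreeneco.com IN MX -E
14-Dec-2005 14:51:04.595 client 63.251.136.100#4208: query: evergreeneco.com IN MX -
14-Dec-2005 14:51:05.120 client 192.0.2.10#1050: query: www.example.org IN A +
14-Dec-2005 14:51:06.001 client 192.0.2.77#5353: query: example.net IN ANY +E
"""

# Matches the BIND 9 "queries" category line layout seen in the excerpt.
LINE_RE = re.compile(
    r"client (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+): query: "
    r"(?P<name>\S+) (?P<cls>\S+) (?P<type>\S+) (?P<flags>[+-]\S*)"
)

def in_zone(qname, zones):
    """True if qname equals, or is a subdomain of, one of the hosted zones."""
    q = qname.rstrip(".").lower()
    return any(q == z or q.endswith("." + z) for z in zones)

def foreign_queries(log_text, hosted_zones):
    """Count queries for names this server is not authoritative for."""
    zones = {z.rstrip(".").lower() for z in hosted_zones}
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None or in_zone(m["name"], zones):
            continue
        # Leading "+" means the client set the recursion-desired bit, "-" not.
        rd = m["flags"].startswith("+")
        hits[(m["ip"], m["name"].lower(), m["type"], rd)] += 1
    return hits

def report(hits, threshold=2):
    """Return (count, key) pairs at or above threshold, busiest first."""
    return sorted(((n, k) for k, n in hits.items() if n >= threshold), reverse=True)

if __name__ == "__main__":
    for count, (ip, name, qtype, rd) in report(foreign_queries(SAMPLE_LOG, ["example.org"])):
        print(f"{count:4d}  {ip}  {name} {qtype}  recursion-desired={rd}")
```
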


