Overload Denial of Service attack
The Doctor
doctor at doctor.nl2k.ab.ca
Wed Oct 10 12:33:56 UTC 2007
We have a real one.
Running the RC, it got overloaded with so many
requests that in essence named dies.
I tried to do a gdb but the gdb seg faulted.
How can I prevent overload, i.e. regulating the number of
requests on DNS from outside the LAN?
Here is a snippet of the named.conf:
//Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
        algorithm hmac-md5;
        secret "7ZbGK94NdSa2WACxx72W1w==";
};
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};
// generated by named-bootconf.pl
options {
        directory "/etc/namedb";
        pid-file "/var/run/named.pid";
        dump-file "/etc/named/named.dump";
        max-ncache-ttl 86400;
        zone-statistics yes;
        allow-transfer {
                <backups>
        };
        allow-notify {
                <backups>
        };
        also-notify {
                <backups on port 53>
        };
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below. Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        query-source address * port 53;
        version "no";
        listen-on {primary dns; localhost; };
        rrset-order {
                class ANY type ANY name "*" order fixed;
        };
};
I would love to kick these DoSSers in the repos so they cannot reproduce.
I wonder if my named and its core would be helpful.
--
Member - Liberal International
This is doctor at nl2k.ab.ca Ici doctor at nl2k.ab.ca
God, Queen and country! Beware Anti-Christ rising!
Voting Canadians vote anyone but Harper Cronies!!
More information about the bind-users mailing list