dns server is attacked

Makara chanmakara at gmail.com
Thu Feb 4 00:12:26 UTC 2010


Hi,

I'm dns administrator, please give me an excuse if it's not the right place
to ask the question. My dns server is attacked, below are the log

Feb  4 06:26:29 ns01 named[7791]: client 204.194.238.15#42502: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 196.14.64.145#54363: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 66.33.216.129#58386: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 62.141.32.3#10049: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 203.220.10.226#27558: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 117.102.98.253#4696: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 208.69.34.8#52506: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 64.27.31.126#23550: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 195.25.5.65#49345: query (cache)
'110.25.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 208.65.201.98#20322: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 82.108.95.210#2104: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 65.39.178.17#53701: query (cache)
'200.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: FORMERR resolving '
ns1.pendingrenewaldeletion.com/AAAA/IN': 205.178.190.51#53
Feb  4 06:26:29 ns01 named[7791]: unexpected RCODE (REFUSED) resolving '
cheappaintballgunstore.com/A/IN': 74.53.26.66#53
Feb  4 06:26:29 ns01 named[7791]: client 85.115.52.190#24528: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 83.103.75.172#19067: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 66.119.189.138#63190: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 194.206.126.15#49858: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 72.232.214.226#10860: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: FORMERR resolving '
ns2.pendingrenewaldeletion.com/AAAA/IN': 205.178.190.51#53
Feb  4 06:26:29 ns01 named[7791]: client 83.243.8.6#26089: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 97.64.179.210#19383: query (cache)
'200.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 81.4.88.10#24179: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 66.33.216.208#8796: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 66.119.189.138#34887: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied
Feb  4 06:26:29 ns01 named[7791]: client 208.67.219.11#39638: query (cache)
'118.26.178.115.in-addr.arpa/PTR/IN' denied


I'm using BIND 9.3.3rc2, any idea or advise how to solve the problem? it's
response so slow and some time is not response
-- 
The person who loves others will also be loved.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100204/d9780fdb/attachment.html>


More information about the bind-users mailing list