I'm having thousands of queries a domain isc.org and this increases my cpu percentage to 100%. That may be happening and how I can control this? is an attack? attachment of the log I made an update to version 9.9.2-P2 as recommended but still continuo

Denis Laventure Denis_Laventure at uqac.ca
Mon Apr 15 20:13:45 UTC 2013


I'm having the same problem but for those domains...

   hao.360.cn.
   openboxcdn.mobilem.360.cn.
   xliar.com.
   www.so.com.
   www.baidu.com.
   www.360.cn
   down.360.cn
   www.hao123.com

15-Apr-2013 15:00:08.485 security: info: client 117.21.187.20#52538: view external: query (cache) 'hao.360.cn/A/IN' denied
15-Apr-2013 15:00:08.576 security: info: client 117.21.187.20#48582: view external: query (cache) 'www.360.cn/A/IN' denied
15-Apr-2013 15:00:08.607 security: info: client 117.21.187.20#33885: view external: query (cache) 'www.so.com/A/IN' denied
15-Apr-2013 15:00:08.907 security: info: client 113.57.142.156#43948: view external: query (cache) 'hao.360.cn/A/IN' denied
15-Apr-2013 15:00:08.921 security: info: client 113.57.142.156#55251: view external: query (cache) 'www.so.com/A/IN' denied
15-Apr-2013 15:00:08.921 security: info: client 113.57.142.156#57918: view external: query (cache) 'www.360.cn/A/IN' denied
15-Apr-2013 15:00:10.526 security: info: client 101.226.167.13#55747: view external: query (cache) 'openboxcdn.mobilem.360.cn/A/IN' denied
15-Apr-2013 15:00:10.680 security: info: client 101.226.167.13#34730: view external: query (cache) 'hao.360.cn/A/IN' denied
15-Apr-2013 15:00:10.717 security: info: client 101.226.167.13#42395: view external: query (cache) 'www.360.cn/A/IN' denied
15-Apr-2013 15:00:10.719 security: info: client 101.226.167.13#47594: view external: query (cache) 'down.360.cn/A/IN' denied
15-Apr-2013 15:00:10.724 security: info: client 101.226.167.13#50480: view external: query (cache) 'www.so.com/A/IN' denied
15-Apr-2013 15:00:12.124 security: info: client 120.192.83.233#43365: view external: query (cache) 'www.so.com/A/IN' denied
15-Apr-2013 15:00:12.144 security: info: client 120.192.83.233#49937: view external: query (cache) 'www.360.cn/A/IN' denied
15-Apr-2013 15:00:12.168 security: info: client 120.192.83.233#51890: view external: query (cache) 'hao.360.cn/A/IN' denied
15-Apr-2013 15:00:13.413 security: info: client 183.60.211.65#38238: view external: query (cache) 'down.360.cn/A/IN' denied
15-Apr-2013 15:00:13.816 security: info: client 221.130.199.65#50742: view external: query (cache) 'www.360.cn/A/IN' denied
15-Apr-2013 15:00:13.939 security: info: client 221.130.199.65#40763: view external: query (cache) 'www.so.com/A/IN' denied
15-Apr-2013 15:00:14.057 security: info: client 221.130.199.65#42103: view external: query (cache) 'hao.360.cn/A/IN' denied
15-Apr-2013 15:00:14.115 security: info: client 120.128.6.42#53560: view external: query (cache) 'www.so.com/A/IN' denied
15-Apr-2013 15:00:14.176 security: info: client 120.128.6.42#32963: view external: query (cache) 'hao.360.cn/A/IN' denied
15-Apr-2013 15:00:14.183 security: info: client 183.60.211.65#53812: view external: query (cache) 'openboxcdn.mobilem.360.cn/A/IN' denied
15-Apr-2013 15:00:14.433 security: info: client 120.128.6.42#42780: view external: query (cache) 'www.360.cn/A/IN' denied
15-Apr-2013 15:00:15.536 security: info: client 120.128.6.42#47952: view external: query (cache) 'xliar.com/A/IN' denied
15-Apr-2013 15:00:16.160 security: info: client 101.226.167.13#42395: view external: query (cache) 'www.360.cn/A/IN' denied
15-Apr-2013 15:00:32.633 security: info: client 120.128.3.251#34613: view external: query (cache) 'www.360.cn/A/IN' denied
15-Apr-2013 15:00:32.641 security: info: client 122.143.14.49#40426: view external: query (cache) 'www.360.cn/A/IN' denied
15-Apr-2013 15:00:32.657 security: info: client 122.143.14.49#58925: view external: query (cache) 'hao.360.cn/A/IN' denied
15-Apr-2013 15:00:32.665 security: info: client 120.128.3.251#36352: view external: query (cache) 'www.so.com/A/IN' denied
15-Apr-2013 15:00:32.713 security: info: client 120.128.3.251#40508: view external: query (cache) 'hao.360.cn/A/IN' denied

The only solution I came up with was to block those IPs on my firewall... But there are always new IPs to add every minute!

Denis

From: bind-users-bounces+denis_laventure=uqac.ca at lists.isc.org [mailto:bind-users-bounces+denis_laventure=uqac.ca at lists.isc.org] On behalf of Jose Manuel Delgado G.
Sent: April 15, 2013 11:02
To: bind-users at lists.isc.org
Subject: I'm having thousands of queries a domain isc.org and this increases my cpu percentage to 100%. That may be happening and how I can control this? is an attack? attachment of the log I made an update to version 9.9.2-P2 as recommended but still continuou...

190.34.55.70 -> 201.224.83.242 DNS C isc.org. Internet * ?
190.33.3.27 -> 201.224.83.242 DNS C isc.org. Internet * ?
190.32.57.243 -> 201.224.83.242 DNS C isc.org. Internet * ?
201.224.149.40 -> 201.224.83.242 DNS C isc.org. Internet * ?
190.35.22.44 -> 201.224.83.242 DNS C isc.org. Internet * ?
186.73.76.87 -> 201.224.83.242 DNS C isc.org. Internet * ?
190.34.44.109 -> 201.224.83.242 DNS C isc.org. Internet * ?
190.32.56.118 -> 201.224.83.242 DNS C isc.org. Internet * ?
190.34.27.201 -> 201.224.83.242 DNS C isc.org. Internet * ?
201.224.115.26 -> 201.224.83.242 DNS C isc.org. Internet * ?
190.32.165.139 -> 201.224.83.242 DNS C isc.org. Internet * ?
190.33.231.148 -> 201.224.83.242 DNS C isc.org. Internet * ?
190.35.84.29 -> 201.224.83.242 DNS C isc.org. Internet * ?

Thanks a lot!
JM
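
An added example, not part of the original messages: a small Python summarizer for `query (cache) ... denied` lines in the layout quoted above, reporting how many distinct clients ask for each name and how the denials spread across sources. The sample lines are constructed (documentation addresses and names), and the regular expression assumes exactly the log layout shown in the message.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Matches the BIND "security" category lines quoted above (assumed layout).
DENIED_RE = re.compile(
    r"^(?P<ts>\S+ \S+) security: info: client (?P<ip>[0-9A-Fa-f.:]+)#\d+: "
    r"(?:view (?P<view>\S+): )?query \(cache\) "
    r"'(?P<qname>[^/']+)/(?P<qtype>\w+)/(?P<qclass>\w+)' denied$"
)

# Constructed sample lines (documentation addresses and names), same layout.
SAMPLE_LOG = """\
15-Apr-2013 15:00:08.485 security: info: client 192.0.2.20#52538: view external: query (cache) 'www.example.com/A/IN' denied
15-Apr-2013 15:00:08.576 security: info: client 192.0.2.20#48582: view external: query (cache) 'cdn.example.net/A/IN' denied
15-Apr-2013 15:00:08.907 security: info: client 198.51.100.156#43948: view external: query (cache) 'www.example.com/A/IN' denied
15-Apr-2013 15:00:10.526 security: info: client 203.0.113.13#55747: view external: query (cache) 'www.example.com/A/IN' denied
15-Apr-2013 15:00:10.680 general: info: zone example.org/IN: loaded serial 2013041501
15-Apr-2013 15:00:12.485 security: info: client 203.0.113.13#34730: view external: query (cache) 'cdn.example.net/A/IN' denied
"""

def parse_denied(line):
    """Return a dict for a denied-cache-query line, or None for anything else."""
    m = DENIED_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d-%b-%Y %H:%M:%S.%f")
    return rec

def summarize(lines):
    """Count denied queries per client and per name, plus distinct clients per name."""
    per_client, per_qname, sources = Counter(), Counter(), defaultdict(set)
    stamps = []
    for rec in filter(None, map(parse_denied, lines)):
        per_client[rec["ip"]] += 1
        per_qname[rec["qname"].lower()] += 1
        sources[rec["qname"].lower()].add(rec["ip"])
        stamps.append(rec["ts"])
    span = (max(stamps) - min(stamps)).total_seconds() if stamps else 0.0
    return {
        "total": len(stamps),
        "per_second": round(len(stamps) / span, 2) if span else float(len(stamps)),
        "per_client": per_client.most_common(),
        "distinct_clients": {q: len(s) for q, s in sources.items()},
        "per_qname": per_qname.most_common(),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG.splitlines()).items():
        print(key, value)
```

A few names requested by many distinct clients, each sending only a handful of queries, is the pattern that makes per-address firewall blocking a never-ending task.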
