bind at jubileegroup.co.uk
Tue Jul 26 12:14:55 UTC 2016
On Tue, 26 Jul 2016, Ejaz wrote:
> There is huge traffic coming out from my DNS server since yesterday and
> flooding the IP 126.96.36.199 ...
Are you able to let us see your bind configuration?
This might be IP spoofing, an attempted a DOS attack on the IP.
Is there any reason why that IP should be allowed to query your
nameserver? If not, then you should change your configuration so
that only those clients who are expected to query the server are
allowed to do so. The 'acl', 'allow-query' and 'allow-recursion'
directives for the BIND configuration file enable you to do this.
What operating system are you running on your server? If all else
fails, in most cases it will be trivial to implement a local firewall
rule or two - at least as a temporary measure until the, er, root of
the problem is discovered and solved. Consider the TARPIT target. :)
More information about the bind-users