I'm having many, many DNS denied connections, and I don't know if this is dangerous. Please see: and much more. Many attempts per second. The firewall and fail2ban are activated, but no action is taken. Can someone explain to me why? ISPC 3.0.5.4p1 on CentOS 6.4
My named.conf:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion no;
    allow-recursion { none; };
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.conf.local";
Are the domains listed in the log domains that you provide DNS service for? If not, then the denied queries mean that your BIND is configured correctly, as it denies recursive queries from external sources for non-local domains.
No, they are completely unknown domains. Now I've applied this tweak: http://www.howtoforge.com/forums/showthread.php?t=61573 And now the fail2ban log is full of banned IPs. Do you think this is a correct way?
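As an added illustration (not code from this thread or from the linked howtoforge tweak) of what a fail2ban-style filter for these denied queries actually does: the script below parses constructed log lines in the format BIND 9 writes when it refuses a recursive (cache) query, and counts refusals per source address against a maxretry threshold. The sample lines, addresses and threshold are made up; it does not ban anything, it only shows which sources would cross the threshold.

```python
import re
from collections import Counter

# Constructed sample lines in BIND 9's "query (cache) ... denied" format.
# Timestamps, client addresses and query names are made up for this example;
# the last line is an ordinary answered query and must not count as a refusal.
SAMPLE_LOG = """\
08-Nov-2013 10:23:45.123 client 203.0.113.5#54321: query (cache) 'isc.org/ANY/IN' denied
08-Nov-2013 10:23:45.201 client 203.0.113.5#54322: query (cache) 'isc.org/ANY/IN' denied
08-Nov-2013 10:23:45.330 client 198.51.100.7#40001: query (cache) 'ripe.net/ANY/IN' denied
08-Nov-2013 10:23:46.010 client 203.0.113.5#54323: query (cache) 'isc.org/ANY/IN' denied
08-Nov-2013 10:23:46.500 client 192.0.2.10#53000: query: www.example.org IN A - (10.0.0.1)
"""

# Match only refused recursive queries: "client <ip>#<port>: query (cache) '<name>' denied".
DENIED_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query \(cache\) '(?P<qname>[^']+)' denied"
)


def parse_denied(log_text):
    """Yield (client_ip, qname) for every denied (cache) query line."""
    for line in log_text.splitlines():
        m = DENIED_RE.search(line)
        if m:
            yield m.group("ip"), m.group("qname")


def offenders(log_text, maxretry):
    """Return {client_ip: count} for sources with at least `maxretry` refusals.

    This mirrors a fail2ban jail's maxretry test; the findtime window is
    ignored here because the sample covers only a couple of seconds.
    """
    counts = Counter(ip for ip, _ in parse_denied(log_text))
    return {ip: n for ip, n in counts.items() if n >= maxretry}


if __name__ == "__main__":
    for ip, n in sorted(offenders(SAMPLE_LOG, 3).items()):
        print(f"{ip}: {n} denied recursive queries")
```

Refused queries like these are BIND doing its job with recursion disabled; banning the sources only reduces log noise and the small amount of work spent answering REFUSED.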