Bind open relay problem maybe??

Discussion in 'ISPConfig 3 Priority Support' started by Turbanator, Jan 29, 2014.

  1. Turbanator

    Turbanator Member HowtoForge Supporter

    Perfect Debian Lenny w/Bind....I know...old.

    This is a Master server.
    dnstop is showing this (2 min snapshot)
    69.2.103.10 saveroads.ru 2234 30.0
    178.33.2.138 saveroads.ru 538 7.2
    85.17.12.105 saveroads.ru 466 6.3
    82.5.11.119 saveroads.ru 265 3.6
    162.216.101.154 saveroads.ru 248 3.3
    37.187.54.55 saveroads.ru 218 2.9

    with the following named.conf.options
    listen-on {localhost;};
    allow-recursion { 192.168.xxx all my vpn subnets };

    I imagine I'm missing something in order to block outside requests like what seems to be a DDoS attack, since saveroads.ru is not me or anywhere near me.

    I'm also thinking that my setup is fine, but I may have malware somewhere on the network sending these requests but I'm not sure how to tell which computer out of 200 on the vpn.

    Unsure on all fronts.

    Any help would be appreciated...I'm not even sure where to start. I wonder if there is a BIND setting to block queries to saveroads.ru??
     
    Last edited: Jan 29, 2014
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    If you have only your local IP addresses and IPs of servers / subnets you own in the "allow-recursion" recursion settings, then your bind server is not an open resolver. But you should check the file named.conf.options as well, in case there is a different recursion setting.
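
The check suggested in the reply above can be scripted. This is an added example, not code from the thread or from ISPConfig: it scans BIND configuration text for recursion-related ACLs that admit everyone. The two sample configs are constructed, the function names are hypothetical, and the parser assumes flat ACL bodies (it does not resolve named `acl` blocks or nested braces).

```python
import re

# Constructed sample configs (not from the thread); addresses are placeholders.
RESTRICTED = """
options {
    // comments are stripped before matching
    listen-on { localhost; };
    allow-recursion { 127.0.0.1; 192.168.10.0/24; };
};
"""
OPEN = """
options {
    recursion yes;
    allow-recursion { 192.168.10.0/24; any; };  # 'any' defeats the ACL
    allow-query-cache { any; };
};
"""

OPEN_TOKENS = {"any", "0.0.0.0/0", "::/0"}
ACL_STATEMENTS = ("allow-recursion", "allow-query-cache")

def strip_comments(text):
    """Remove the three comment styles named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)   # /* block */
    return re.sub(r"(//|#)[^\n]*", "", text)            # // and # to end of line

def audit_recursion(conf_text):
    """Return a list of findings about recursion settings in conf_text."""
    text = strip_comments(conf_text)
    if re.search(r"\brecursion\s+no\s*;", text):
        return []  # recursion is switched off, so the ACLs do not matter
    findings = []
    for stmt in ACL_STATEMENTS:
        # Every occurrence counts: the statement may appear in options and in views.
        bodies = re.findall(rf"\b{stmt}\s*\{{([^}}]*)\}}", text)
        for body in bodies:
            elems = [e.strip() for e in body.split(";") if e.strip()]
            wide = [e for e in elems if e in OPEN_TOKENS]
            if wide:
                findings.append(f"{stmt} contains {', '.join(wide)}")
        if stmt == "allow-recursion" and not bodies:
            findings.append("no allow-recursion statement; the version default applies")
    return findings

if __name__ == "__main__":
    for name, conf in (("restricted", RESTRICTED), ("open", OPEN)):
        print(name, audit_recursion(conf) or "no findings")
```

Run it over the contents of every file that named.conf includes, since a later or view-level statement can differ from the one in named.conf.options.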
     
