Hi, it is normal. Someone is trying to DDoS through your DNS, but recursion is blocked. Try to configure fail2ban for DNS attacks to block attackers.
I don't know much about fail2ban, but I did try to do something similar to what you are suggesting. I configured a fail2ban jail to block IP addresses from /var/log/syslog with the following failregex:

Code:
failregex = .*named\[.*\]: client <HOST>.*: query \(cache\) \'a.packetdevil.com/A/IN\' denied\s*$

It was working perfectly until I realized that these IPs were not to be blamed, as the attacker is someone else. If this is not what you were suggesting, then please elaborate. Also, I have set allow-recursion { none; }; in /etc/bind/named.conf.options, is this correct?
This is the master DNS I am using on my website. A few days ago I read somewhere that one should not use their master DNS on the website, is it because of that?
Hi, this is how my /etc/bind/named.conf.local looks:

Code:
zone "domainname.com" {
    type master;
    allow-transfer { 8.33.137.137; };
    file "/etc/bind/pri.domainname.com";
};

and named.conf contains:

Code:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
Here:

Code:
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //     0.0.0.0;
    // };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { ::1; };
    listen-on { any; };
    // allow-recursion { none; };
};

BTW, thank you for taking an interest in helping out, much appreciated.
You can also add:

Code:
empty-zones-enable no;

And you can also use forwarders; these are your ISP's DNS servers.
Thank you, I have added:

Code:
empty-zones-enable no;

Hope this makes the desired difference. By forwarding, are you referring to "Allow zone transfer" in ISPConfig > DNS Zone > Allow zone transfer to these IPs? BTW, the good news is that queries have decreased over time to a mere 3,000 to 4,000 per day from 150,000. Will update after observing for a few days.
Allow zone transfer is needed, for example, for your slave DNS server. But a forwarder is needed to forward from your DNS to your provider's DNS if you do not support searching zones.
That sounds like gibberish to me because I am extremely weak at resolving and troubleshooting DNS configuration. Are you suggesting something along the lines of this: http://www.akadia.com/services/howto_forward_dns.html
Wouldn't this make my local DNS useless? I mean, will all DNS queries then be forwarded to my ISP's DNS?
Hi, I have the same problem. Was the problem resolved? I don't understand if it was resolved; please explain the solution step by step. Thanks...
Same problem.
Hi, it is not the recursion, but query caching. Simply use something like this:

Code:
acl "trusted" {
    192.168.0.0/16;
    10.153.154.0/24;
    localhost;
    localnets;
};

options {
    ...
    allow-query { any; };
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
    ...
};
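An added example, not code from any poster in this thread: a small Python parser for the "query (cache) ... denied" syslog lines quoted earlier, which groups denied queries by queried name and counts distinct source addresses. One name hit from many unrelated sources is the signature of a reflection flood with spoofed sources, which is why a fail2ban jail on those addresses blocks the victims rather than the attacker. The log lines are constructed, and the regex is an assumption about the BIND log format modelled on the failregex quoted above.

```python
import re
from collections import defaultdict

# Matches BIND's "query (cache) ... denied" log line, as emitted when
# allow-query-cache / allow-recursion reject a client. Assumed format,
# modelled on the failregex from the thread; newer BIND versions add a
# "(qname)" after the client port, which the optional group absorbs.
DENIED_RE = re.compile(
    r"named\[\d+\]: client (?P<ip>[0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?: "
    r"query \(cache\) '(?P<qname>[^/']+)/(?P<qtype>[A-Z0-9]+)/IN' denied"
)

# Constructed sample syslog lines (not taken from the original thread).
SAMPLE_LOG = """\
May  3 10:00:01 ns1 named[1234]: client 198.51.100.7#53: query (cache) 'a.packetdevil.com/A/IN' denied
May  3 10:00:01 ns1 named[1234]: client 203.0.113.45#53: query (cache) 'a.packetdevil.com/A/IN' denied
May  3 10:00:02 ns1 named[1234]: client 192.0.2.88#53: query (cache) 'a.packetdevil.com/A/IN' denied
May  3 10:00:02 ns1 named[1234]: client 198.51.100.9#4321: query (cache) 'a.packetdevil.com/A/IN' denied
May  3 10:00:03 ns1 named[1234]: client 203.0.113.200#53: query (cache) 'a.packetdevil.com/ANY/IN' denied
May  3 10:00:05 ns1 named[1234]: client 192.0.2.10#51234: query (cache) 'www.example.org/A/IN' denied
May  3 10:00:06 ns1 named[1234]: zone domainname.com/IN: loaded serial 2024050301
"""


def parse_denied(log_text):
    """Return (src_ip, qname, qtype) for every denied cache query in the log."""
    hits = []
    for line in log_text.splitlines():
        m = DENIED_RE.search(line)
        if m:
            hits.append((m.group("ip"), m.group("qname"), m.group("qtype")))
    return hits


def reflection_candidates(hits, min_sources=3):
    """Map each queried name to the number of distinct sources asking for it.

    Names requested by many distinct sources look like a reflection flood
    with spoofed source addresses, so those sources are victims, not the
    attacker; only names at or above min_sources are returned.
    """
    sources_by_name = defaultdict(set)
    for ip, qname, _qtype in hits:
        sources_by_name[qname].add(ip)
    return {q: len(ips) for q, ips in sources_by_name.items() if len(ips) >= min_sources}


if __name__ == "__main__":
    for name, n in reflection_candidates(parse_denied(SAMPLE_LOG)).items():
        print(f"{name}: denied for {n} distinct sources (likely spoofed)")
```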