Hello. The DNS on my server has been abused in a DDoS attack. My server is open for DNS recursion. How could I solve this problem?
Add/uncomment the following to the options part of your bind.conf (or bind.conf.options):

Code:
// By default, name servers should only perform recursive domain
// lookups for their direct clients. If recursion is left open
// to the entire Internet, your name server could be used to
// perform distributed denial of service attacks against other
// innocent computers. For more information on DDoS recursion:
// http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0987
allow-recursion { localnets; };

Check your system with http://www.dnsstuff.com
Thank you very much. So I would add to the file:

Code:
allow-recursion { 127.0.0.1; 85.213.56.0/24; 85.213.59.0/24; 85.213.73.0/24; 85.214.16.0/24; };

But where is that file? I can find some named.conf files, but the "allow-recursion" parameter is not there. Is this enough to secure the DNS, or would you also recommend other measures?
If you are using ISPConfig, you will need to set it in: /root/ispconfig/isp/conf/named.conf.master

If you do not use ISPConfig, the named.conf is located in /etc/bind

What I normally do (as suggested by martinfst) is I add the following to the named.conf.master. Make sure that you add it within the options part!

Code:
allow-recursion { localhost; };

So the options part should look like this:

Code:
options {
    pid-file "/var/run/bind/run/named.pid";
    directory "{BINDDIR}";
    auth-nxdomain no;
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
    allow-recursion { localhost; };
};

If you want to add people to the list who are allowed to use your DNS, add the IP; below the localhost;

10.0.0.10;
10.0.0.20;

Make sure that you restart BIND to make it read the new settings.
Thank you very much. I have added the

Code:
allow-recursion { localhost; };

to my named.conf.master as I use ISPConfig. And restarted named:

Code:
/etc/init.d/named restart

But when I set the server's IP as DNS on a computer I was able to use it for DNS. Is this right? I have some networks which use this server as DNS; should I add these networks under localhost; like this?

Code:
allow-recursion { localhost; 85.213.56.0/24; 85.213.59.0/24; 85.213.73.0/24; };
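As an added check for the two posts above (this is example code written for this thread, not code from the thread, from BIND or from ISPConfig): a small Python script that parses the options block of a named.conf or named.conf.master, reports whether allow-recursion is absent, set to any, or restricted to a list of networks, flags entries that are neither built-in ACL names nor addresses, and renders an allow-recursion line from a list of client networks like the ones asked about above. The two sample configs inside it are constructed; the 85.213.x.x networks are the ones quoted in the thread.

```python
"""Check a BIND named.conf (or ISPConfig named.conf.master) for open recursion.

Added example for this thread; not BIND's own tooling. It assumes the config
text is available as a string. The sample configs below are constructed.
"""
import re
import ipaddress

BUILTIN_ACLS = {"localhost", "localnets", "any", "none"}

# Constructed sample: the state the original poster started from (no allow-recursion).
OPEN_CONF = """\
options {
    pid-file "/var/run/bind/run/named.pid";
    directory "/var/cache/bind";
    auth-nxdomain no;
    /* recursion is not restricted anywhere in this block */
    // query-source address * port 53;
};
"""

# Constructed sample: restricted to localhost plus two of the poster's client networks.
CLOSED_CONF = OPEN_CONF.replace(
    "auth-nxdomain no;",
    "auth-nxdomain no;\n    allow-recursion { localhost; 85.213.56.0/24; 85.213.59.0/24; };",
)


def strip_comments(text):
    """Remove /* */, // and # comments so a commented-out directive is not counted as live."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def options_block(text):
    """Return the body of the options { ... } block, matching nested braces."""
    text = strip_comments(text)
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return None
    depth, start = 1, m.end()
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start:i]
    return None  # unbalanced braces: named would refuse to load this file anyway


def recursion_acl(text):
    """List of allow-recursion entries inside options, or None if the directive is absent."""
    block = options_block(text)
    if block is None:
        return None
    m = re.search(r"\ballow-recursion\s*\{([^}]*)\}\s*;", block)
    if not m:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]


def classify_entry(entry):
    """'builtin', 'network', 'negated', or 'unknown' (a user-defined acl name or a typo)."""
    if entry.startswith("!"):
        return "negated"
    if entry in BUILTIN_ACLS:
        return "builtin"
    try:
        ipaddress.ip_network(entry, strict=False)
        return "network"
    except ValueError:
        return "unknown"


def assess(text):
    """Summarise recursion exposure as 'OPEN', 'RESTRICTED' or 'UNSPECIFIED' plus findings."""
    acl = recursion_acl(text)
    findings = []
    if acl is None:
        # BIND releases before 9.4 default allow-recursion to any, so this is effectively open.
        findings.append("no allow-recursion in options; older BIND then answers recursive queries from anyone")
        return {"status": "UNSPECIFIED", "entries": [], "findings": findings}
    if "any" in acl:
        findings.append("allow-recursion contains 'any': the server is an open resolver")
        return {"status": "OPEN", "entries": acl, "findings": findings}
    for e in acl:
        if classify_entry(e) == "unknown":
            findings.append(f"entry {e!r} is neither a built-in acl nor an address/network; check for a typo")
    return {"status": "RESTRICTED", "entries": acl, "findings": findings}


def build_allow_recursion(networks):
    """Render an allow-recursion line from client networks, rejecting malformed ones."""
    entries = ["localhost"]
    for n in networks:
        # strict=True rejects e.g. 85.213.56.5/24 (host bits set) instead of silently widening it
        entries.append(str(ipaddress.ip_network(n, strict=True)))
    return "allow-recursion { " + "; ".join(entries) + "; };"


if __name__ == "__main__":
    for name, conf in (("open", OPEN_CONF), ("closed", CLOSED_CONF)):
        print(name, assess(conf))
    print(build_allow_recursion(["85.213.56.0/24", "85.213.59.0/24"]))
```

Run it against the real file (for ISPConfig, the generated /etc/bind/named.conf after the rebuild, not only the master template) and treat anything but RESTRICTED as unfinished work. After restarting named, confirm from a host outside the listed networks with `dig @your-server some-name`: the flags line of the reply should no longer include `ra` (recursion available).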
You need to rebuild the dns files after changing the master template. See http://www.howtoforge.com/forums/showpost.php?p=63605&postcount=6 for a brief howto, which I think will work. Yes