Sorry for consulting but I do not know what these lines are, they have been shown for two months. I have not made any changes, these messages only started to show, I have looked for information but I am not really sure what they are. I would like to know if here I can see what these connections mean, they are all denied and apparently they do not affect, but they are very insistent: Code: May 3 20:47:16 mail named[19670]: client @0x7fb66c0569c0 24.193.48.159#53 (sl): query (cache) 'sl/ANY/IN' denied May 3 20:47:16 mail named[19670]: client @0x7fb66c0789c0 24.193.48.159#53 (sl): query (cache) 'sl/ANY/IN' denied May 3 20:47:16 mail named[19670]: client @0x7fb66c0789c0 24.193.48.159#53 (sl): query (cache) 'sl/ANY/IN' denied May 3 20:47:51 mail named[19670]: client @0x7fb66c0789c0 24.193.48.159#53 (sl): query (cache) 'sl/ANY/IN' denied May 3 20:47:51 mail named[19670]: client @0x7fb66c0789c0 24.193.48.159#53 (sl): query (cache) 'sl/ANY/IN' denied May 3 20:47:51 mail named[19670]: client @0x7fb66c0789c0 24.193.48.159#53 (sl): query (cache) 'sl/ANY/IN' denied May 3 20:48:10 mail named[19670]: client @0x7fb66c0789c0 98.237.163.219#80 (sl): query (cache) 'sl/ANY/IN' denied May 3 20:48:10 mail named[19670]: client @0x7fb66c0789c0 98.237.163.219#80 (sl): query (cache) 'sl/ANY/IN' denied May 3 20:48:10 mail named[19670]: client @0x7fb66c0789c0 98.237.163.219#80 (sl): query (cache) 'sl/ANY/IN' denied May 3 20:48:42 mail named[19670]: client @0x7fb66c0789c0 24.193.48.159#53 (sl): query (cache) 'sl/ANY/IN' denied May 3 20:48:42 mail named[19670]: client @0x7fb66c0789c0 24.193.48.159#53 (sl): query (cache) 'sl/ANY/IN' denied May 3 20:48:42 mail named[19670]: client @0x7fb66c0789c0 24.193.48.159#53 (sl): query (cache) 'sl/ANY/IN' denied And I would like to see if it is necessary and good practice to add these IPs to fail2ban? How could I add a new filter (/etc/fail2ban/filter.d) and add it to the jail (/etc/fail2ban/jail.local jail.local) Thank you
It could be someone trying to use your server to ddos someone; ensure your bind is up to date and has response rate limiting enabled (which i think is the default now, but verify that).
Thank you very much Jesse, I will look for information on what I should do to fix it correctly and not make an error.