This thread is more a notice to people to check their DNS server.
As you might have noticed or heard, a lot of DDoS attacks these days are done by using DNS. If you want to check if your server is vulnerable, use this URL: https://isc.sans.edu/dnstest.html
By default DirectAdmin allows recursion to everyone around the world, which leads to botnets abusing your DNS servers by spoofing IPs and sending DNS requests to your server.
For more info take a look at these links:
http://www.secureworks.com/research/threats/dns-amplification/
http://isc.sans.org/diary.html?storyid=5713
http://www.isotf.org/news/DNS-Amplification-Attacks.pdf
https://www.dns-oarc.net/oarc/articles/upward-referrals-considered-harmful
When using DirectAdmin and no other servers use this as a DNS resolver, put this in your /etc/bind/named.conf.options:
    allow-recursion {
        127.0.0.1;
    };
This will allow the localhost to do DNS lookups using your server; everything else is denied.
I noticed the latest BIND versions don't do this by default, can someone confirm this?
Kr,
Bram
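
One way to check your own server for open recursion from a host outside your network, added here as an example and not part of the original post: it sends a single query with the recursion-desired bit set and reads the recursion-available bit and RCODE in the reply. The function names, the query name example.com and the sample reply headers are assumptions constructed for illustration.

```python
import socket
import struct
import sys

RA_FLAG = 0x0080  # "recursion available" bit in the DNS header flags
REFUSED = 5       # RCODE BIND returns when allow-recursion denies the client

# Constructed sample reply headers (12 bytes each), not captured traffic.
SAMPLE_OPEN = bytes.fromhex("123481800001000100000000")      # RA set, NOERROR
SAMPLE_REFUSED = bytes.fromhex("123481050001000000000000")   # RA clear, REFUSED
SAMPLE_REFERRAL = bytes.fromhex("1234810000010000000d0000")  # RA clear, root referral

def build_query(name, txid=0x1234):
    """Build an A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def classify_response(data, txid=0x1234):
    """Return 'open', 'closed' or 'invalid' for a raw DNS reply."""
    if len(data) < 12:
        return "invalid"
    rid, flags = struct.unpack("!HH", data[:4])
    if rid != txid or not flags & 0x8000:  # wrong ID, or not a response
        return "invalid"
    # Open means the server offered recursion to us and did not refuse.
    if flags & RA_FLAG and (flags & 0x000F) != REFUSED:
        return "open"
    return "closed"

def check_server(server, name="example.com", timeout=3.0):
    """Send one query to your own server; run this from an outside host."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            data, _ = s.recvfrom(4096)
        except OSError:  # timeout or unreachable
            return "no-response"
    return classify_response(data)

if __name__ == "__main__" and len(sys.argv) > 1:
    print(sys.argv[1], check_server(sys.argv[1]))
```

A result of "closed" from an outside host and "open" from the server itself (querying 127.0.0.1) is what the allow-recursion setting above should produce.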