HELP DNS flood

D

defomaz

Verified User
Joined
Jun 26, 2008
Messages
130
Hi help me, i get a lot message like this


Aug 27 21:46:36 cancun named[3666]: client 74.191.67.11#64315: query (cache) 'www.clbooks.com/A/IN' denied
Aug 27 21:46:36 cancun named[3666]: client 63.87.170.8#50649: query (cache) 'www.clbooks.com/A/IN' denied
Aug 27 21:46:36 cancun named[3666]: client 74.191.67.11#3614: query (cache) 'www.clbooks.com/A/IN' denied
Aug 27 21:46:36 cancun named[3666]: client 63.107.135.71#47774: query (cache) 'www.clbooks.com/A/IN' denied
Aug 27 21:46:36 cancun named[3666]: client 63.87.170.8#3706: query (cache) 'www.clbooks.com/A/IN' denied
Aug 27 21:46:37 cancun named[3666]: client 74.191.67.11#13099: query (cache) 'www.clbooks.com/A/IN' denied
Aug 27 21:46:41 cancun named[3666]: client 63.107.135.71#51602: query (cache) 'www.clbooks.com/A/IN' denied
Aug 27 21:46:41 cancun named[3666]: client 63.87.170.8#12900: query (cache) 'www.clbooks.com/A/IN' denied
Aug 27 21:46:41 cancun named[3666]: client 74.191.67.11#3614: query (cache) 'www.clbooks.com/A/IN' denied
Aug 27 21:46:41 cancun named[3666]: client 74.191.67.11#64315: query (cache) 'www.clbooks.com/A/IN' denied
Aug 27 21:46:47 cancun named[3666]: client 63.107.135.71#53676: query (cache) 'www.clbooks.com/A/IN' denied
Aug 27 21:46:47 cancun named[3666]: client 63.87.170.8#35529: query (cache) 'www.clbooks.com/A/IN' denied
Aug 27 21:46:47 cancun named[3666]: client 74.191.67.11#25178: query (cache) 'www.clbooks.com/A/IN' denied
Aug 27 21:46:47 cancun named[3666]: client 63.107.135.71#28503: query (cache) 'www.clbooks.com/A/IN' denied
Click to expand...

it seem from opendns i search found this
http://help.directadmin.com/item.php?id=115 and already enable by default.

how to fix this?

Thank you
 
ozgurerdogan said:
Did you find a solution for this. I got same issue. But everything is running fine.
Click to expand...

Hallo,

my solution is disable recursion
edit /etc/named.conf

change allow-recursion { localnets; }; to recursion no;
 
Last edited:
Current Bind does not allow recursion by default.
If you've got errors:

"query (cache) 'www.clbooks.com/A/IN' denied"

it's ok. The query was blocked. It has nothing to worry about, until you does not want to get rid off this messages. If you're fed up with them, just re-confiure logging section of your /etc/named.conf
 
zEitEr said:
Current Bind does not allow recursion by default.
If you've got errors:

"query (cache) 'www.clbooks.com/A/IN' denied"

it's ok. The query was blocked. It has nothing to worry about, until you does not want to get rid off this messages. If you're fed up with them, just re-confiure logging section of your /etc/named.conf
Click to expand...

yes, but we get lot denied message
could you give us sample which section and what value in named.conf?
 
Disabling recursion did not help. So I tried setting loggin:

logging{
channel simple_log {
file "/var/log/named/bind.log" versions 3 size 5m;
severity warning;
print-time no;
print-severity no;
print-category no;
};
category default{
simple_log;
};
};

and waiting for next log to results.
 
ozgurerdogan said:
Disabling recursion did not help. So I tried setting loggin:

logging{
channel simple_log {
file "/var/log/named/bind.log" versions 3 size 5m;
severity warning;
print-time no;
print-severity no;
print-category no;
};
category default{
simple_log;
};
};

and waiting for next log to results.
Click to expand...

hiii waiting your result. thanks
 
I still recieve denied messages. Probably I used wrong switches in logging options. I am trying to find correct switches and will write here when I found the correct ones.

Thanks
 
Tune severity option:

Code: 
[ severity (critical | error | warning | notice |
                 info | debug [ level ] | dynamic ); ]

Or disble logging at all.
 
ok following:

Code: 
logging {
category ncache { null; };
category security { null; };
category lame-servers{ null; };
};

disabled recieving denied messages.
 
You must log in or register to reply here.
Back
Top