My DNS server is receiving hundreds of query request in every minutes from unknown users.
How can I stop this?
Asked
Active
Viewed 424 times
1
-
What software are you using for DNS ? Are these repeated requests from a the same group of ip addresses (if so we can use iptables to restrict number of connections) ? – NGRhodes Jun 05 '14 at 11:26
-
Please [edit] your question and tell us i) which version of Ubuntu ii) which DNS server iii) give us an example of a log file showing these attempts iv) explain what kind of network you are running, what is this server serving? – terdon Jun 05 '14 at 14:19
1 Answers
4
Step 1: Don't run a public DNS server. Use a hosted solution. I've just been over the reasons why with another user. There's no decent reason for running your own IMO, at least not for external production hosting.
There doesn't need to be a step 2 but if you're really determined, your DNS server might be being used to contribute to a DDoS attack on another host. DNS servers will recurse to answer a query and this can cause allow massive traffic swarms from DNS servers. I'm saying you could inadvertantly be part of that swarm.
Fixing it is simple enough: don't run a DNS server or disable external recursion.
