#1
6th March 2007, 14:47
Hagforce (Senior Member)
TPS FC4, DNS server abused

Hello

The DNS on my server has been abused in a DDoS attack.
My server is open for DNS Recursion.

How could I solve this problem?
#2
6th March 2007, 15:52
martinfst (Senior Member, Hilversum, The Netherlands)

Add/uncomment the following to the options part of your bind.conf (or bind.conf.options)
Code:
        // By default, name servers should only perform recursive domain
        // lookups for their direct clients.  If recursion is left open
        // to the entire Internet, your name server could be used to
        // perform distributed denial of service attacks against other
        // innocent computers.  For more information on DDoS recursion:
        // http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0987

        allow-recursion { localnets; };
Check your system with http://www.dnsstuff.com
#3
7th March 2007, 00:03
Hagforce (Senior Member)

Thank you very much.

So I would add to the file

Code:
 allow-recursion { 127.0.0.1; 85.213.56.0/24; 85.213.59.0/24; 85.213.73.0/24; 85.214.16.0/24; };
But where is that file? I can find some named.conf files, but the "allow-recursion" parameter is not there.

Is this enough to secure the DNS, or would you also recommend other measures?
#4
7th March 2007, 00:26
edge (Moderator, The Netherlands)

If you are using ISPconfig, you will need to set it in:
/root/ispconfig/isp/conf/named.conf.master

If you do not use ISPconfig, the named.conf is located in /etc/bind

What I normally do (as suggested by martinfst) is to add the following to the named.conf.master.
Make sure that you add it within the options part!
Code:
allow-recursion {
localhost;
};
So the options part should look like this:

Code:
options {
        pid-file "/var/run/bind/run/named.pid";
        directory "{BINDDIR}";
        auth-nxdomain no;
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;

        allow-recursion {
                localhost;
        };

};
If you want to add people to the list who are allowed to use your DNS, add their IP entries below the localhost; line, for example:
10.0.0.10;
10.0.0.20;

Make sure that you restart BIND to make it read the new settings
__________________
Never execute code written on a Friday or a Monday.
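The steps above (put allow-recursion inside the options block, list only the clients that may recurse, restart BIND) can be checked mechanically. The script below is an added example for this thread, not code from the forum, ISPConfig or BIND: it strips comments from a named.conf, pulls out the top-level options block and classifies its allow-recursion list as OPEN, RESTRICTED or INVALID. It assumes a single options block and no view statements (which carry their own allow-recursion), and the sample configs at the bottom are constructed here; the first reproduces the options block edge posted above. On an ISPConfig host run it against the file named actually loads, not against the named.conf.master template.

```python
"""Audit a BIND named.conf for open recursion (added example, not from the thread).

Usage:  python3 audit_recursion.py /etc/named.conf
Without an argument it audits the constructed samples defined below.
Assumes one top-level options block and no `view` statements, which would
carry their own allow-recursion and override the global one.
"""
import ipaddress
import re
import sys

# Built-in address-match-list names BIND accepts; an un-negated `any` is what
# leaves the resolver open to the whole Internet.
BUILTIN_ACLS = {"any", "none", "localhost", "localnets"}


def strip_comments(conf):
    """Drop /* */, // and # comments so commented-out directives do not count."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", conf)


def extract_block(conf, name):
    """Return the text between the braces of the first `name { ... }` statement."""
    m = re.search(r"\b" + re.escape(name) + r"\s*\{", conf)
    if not m:
        return None
    depth = 0
    for i in range(m.end() - 1, len(conf)):
        if conf[i] == "{":
            depth += 1
        elif conf[i] == "}":
            depth -= 1
            if depth == 0:
                return conf[m.end():i]
    return None  # unbalanced braces


def parse_allow_recursion(options_text):
    """Return the entries of allow-recursion, or None if the directive is absent."""
    m = re.search(r"\ballow-recursion\s*\{([^}]*)\}\s*;", options_text)
    if not m:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]


def audit_recursion(conf):
    """Classify the config as OPEN, RESTRICTED or INVALID, with a list of findings."""
    options = extract_block(strip_comments(conf), "options")
    if options is None:
        return "OPEN", ["no options block: BIND's default recursion policy applies"]
    entries = parse_allow_recursion(options)
    if entries is None:
        # BIND 9 releases before 9.4 (the FC4 era) default to allow-recursion { any; }.
        return "OPEN", ["no allow-recursion in options: the default (any on BIND < 9.4) applies"]

    verdict, findings = "RESTRICTED", []
    if not entries:
        findings.append("allow-recursion is empty: recursion is denied to every client")
    for entry in entries:
        negated = entry.startswith("!")
        value = entry.lstrip("!").strip()
        if value in BUILTIN_ACLS:
            if value == "any" and not negated:
                verdict = "OPEN"
                findings.append("allow-recursion contains 'any': open resolver")
        elif re.fullmatch(r"[0-9a-fA-F.:/]+", value) and ("." in value or ":" in value):
            try:
                ipaddress.ip_network(value, strict=False)  # a bare host address becomes /32 or /128
            except ValueError:
                verdict = "INVALID"
                findings.append(f"'{value}' is not a valid address or prefix")
        else:
            findings.append(f"'{value}' refers to a named acl: check its definition")
    return verdict, findings


# Constructed samples. SAMPLE_RESTRICTED is the options block from post #4.
SAMPLE_RESTRICTED = """
options {
        pid-file "/var/run/bind/run/named.pid";
        directory "{BINDDIR}";
        auth-nxdomain no;
        // query-source address * port 53;
        allow-recursion {
                localhost;
        };
};
"""
SAMPLE_OPEN_ANY = 'options { directory "/var/named"; allow-recursion { any; }; };'
# Only a commented-out directive: the (open) default still applies.
SAMPLE_MISSING = 'options { directory "/var/named"; // allow-recursion { localhost; };\n};'
SAMPLE_TYPO = "options { allow-recursion { localhost; 85.213.56.0/240; }; };"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as f:
            print(audit_recursion(f.read()))
    else:
        for label in ("SAMPLE_RESTRICTED", "SAMPLE_OPEN_ANY", "SAMPLE_MISSING", "SAMPLE_TYPO"):
            print(label, audit_recursion(globals()[label]))
```

Comments are stripped before matching on purpose: a commented-out allow-recursion (as in SAMPLE_MISSING) is the typical way a server ends up open while the file appears to contain the directive.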
#5
8th March 2007, 10:06
Hagforce (Senior Member)

Thank you very much.

I have added the

Code:
allow-recursion {
localhost;
};
to my named.conf.master as I use ISPConfig.

And restarted named

Code:
/etc/init.d/named restart
But when I set the server's IP as DNS on a computer I was able to use it for DNS.
Is this right?

I have some networks which use this server as DNS. Should I add these networks under localhost; like this?

Code:
allow-recursion {
localhost;
85.213.56.0/24;
85.213.59.0/24;
85.213.73.0/24;
};
#6
8th March 2007, 10:17
martinfst (Senior Member, Hilversum, The Netherlands)

You need to rebuild the dns files after changing the master template. See http://www.howtoforge.com/forums/sho...05&postcount=6 for a brief howto, which I think will work.

Quote:
I have some networks which use this server as DNS. Should I add these networks under localhost; like this?

Code:
allow-recursion { localhost; 85.213.56.0/24; 85.213.59.0/24; 85.213.73.0/24; };
Yes
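What Hagforce observed in #5, a client still getting answers after the edit, is exactly what an outside recursion check measures, and it is worth repeating the check after the ISPConfig rebuild and restart from a host that should now be refused. The script below is an added example, not code from the forum, ISPConfig or BIND: it sends one A query with the RD (recursion desired) bit set for a name the server is not authoritative for and reads the RA bit and RCODE of the reply, which is the same signal the dnsstuff test mentioned in #2 reports. The default query name www.example.com is an assumption (any name your server does not host will do), and the three header-only replies at the bottom are constructed to show how BIND's answers are classified.

```python
"""Check whether a name server grants recursion to the host this runs on.

Added example for this thread, not code from the forum, ISPConfig or BIND.
Usage:  python3 recursion_check.py <server-ip> [name]
Without arguments it classifies the constructed replies defined below.
"""
import socket
import struct
import sys

RCODE_REFUSED = 5


def build_query(name, qid=0x1234):
    """Build a minimal DNS A/IN query with RD set (flags 0x0100) and one question."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def parse_header(resp):
    """Decode the fields of the 12-byte DNS header that matter for this check."""
    if len(resp) < 12:
        raise ValueError("response shorter than a DNS header")
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return {
        "id": qid,
        "qr": bool(flags & 0x8000),   # response bit
        "ra": bool(flags & 0x0080),   # BIND sets RA per client, according to allow-recursion
        "rcode": flags & 0x000F,
        "ancount": ancount,
    }


def recursion_verdict(resp):
    """Map a reply to REFUSED, NOT_AVAILABLE or OPEN (recursion granted to us)."""
    h = parse_header(resp)
    if not h["qr"]:
        raise ValueError("not a response packet")
    if h["rcode"] == RCODE_REFUSED:
        return "REFUSED"          # what a client outside allow-recursion should see
    if not h["ra"]:
        return "NOT_AVAILABLE"    # server will not recurse for us, even without REFUSED
    return "OPEN"                 # RA set: the server recursed (or would) on our behalf


def probe(server, name="www.example.com", timeout=3.0):
    """Send the query over UDP port 53 and return the verdict (needs network access)."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        resp, _ = sock.recvfrom(512)
    if resp[:2] != query[:2]:
        raise ValueError("transaction id mismatch")
    return recursion_verdict(resp)


# Constructed header-only replies, as a BIND server would send them:
REPLY_OPEN = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)     # QR RD RA, one answer
REPLY_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)  # QR RD, RCODE=REFUSED
REPLY_NO_RA = struct.pack("!HHHHHH", 0x1234, 0x8100, 1, 0, 0, 0)    # QR RD, RA clear

if __name__ == "__main__":
    if len(sys.argv) < 2:
        for label, reply in (("open", REPLY_OPEN), ("refused", REPLY_REFUSED), ("no-ra", REPLY_NO_RA)):
            print(label, recursion_verdict(reply))
    else:
        print(probe(sys.argv[1], *sys.argv[2:3]))
```

Run it once from inside one of the listed networks (expect OPEN) and once from a host outside them (expect REFUSED); if the outside host still gets OPEN, the running named is not using the edited configuration, which on an ISPConfig box usually means the zone and config files were not regenerated from named.conf.master.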
All times are GMT +2.