Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #11  
Old 6th March 2013, 09:38
bradboy bradboy is offline
Junior Member
 
Join Date: Mar 2013
Posts: 6
Thanks: 1
Thanked 0 Times in 0 Posts
Default

we're all good now. It seems that most of the problem as the sql password for the secondary server
Reply With Quote
Sponsored Links
  #12  
Old 21st March 2013, 20:11
SamTzu SamTzu is offline
HowtoForge Supporter
 
Join Date: Apr 2007
Location: Helsinki
Posts: 426
Thanks: 33
Thanked 55 Times in 38 Posts
Send a message via Skype™ to SamTzu
Default

Quote:
Originally Posted by till View Post
You can use the resync tool to force a resync of he zones if not all records are there.
Hey Till, to which Resync Tool are you referring?
__________________

Sami Mattila
Internet-Content

Telephone:
00358942833310
Email: firstname.lastname@internet-content.org
Shop: http://shop.internet-content.net
Site: http://www.internet-content.net
Blog: http://www.internet-content.net/en/blog
FB: https://www.facebook.com/internetcontent

Reply With Quote
  #13  
Old 25th March 2013, 11:39
SamTzu SamTzu is offline
HowtoForge Supporter
 
Join Date: Apr 2007
Location: Helsinki
Posts: 426
Thanks: 33
Thanked 55 Times in 38 Posts
Send a message via Skype™ to SamTzu
Default

Found it.
I chose the "new" ns2 server node on ISPConfig Cluster panel dropdown menu and from Tools used the Sync Tools and forced a Resync DNS records. Works like a charm.

Thank's Till.
__________________

Sami Mattila
Internet-Content

Telephone:
00358942833310
Email: firstname.lastname@internet-content.org
Shop: http://shop.internet-content.net
Site: http://www.internet-content.net
Blog: http://www.internet-content.net/en/blog
FB: https://www.facebook.com/internetcontent

Reply With Quote
  #14  
Old 1st April 2013, 19:01
SamTzu SamTzu is offline
HowtoForge Supporter
 
Join Date: Apr 2007
Location: Helsinki
Posts: 426
Thanks: 33
Thanked 55 Times in 38 Posts
Send a message via Skype™ to SamTzu
Default

Something weird is happening with the "new" ns2 server. I had to enable recursion for it to work outside of our local network.
Quote:
vi /etc/bind/named.conf.options
Quote:
allow-recursion { any; };
Now it seems that ns3.nic.fr is constantly "spamming" our ns2 with bogus requests.

Is there a way to disable recursion and still make the "mirrored" ns2 to work from anywhere?
__________________

Sami Mattila
Internet-Content

Telephone:
00358942833310
Email: firstname.lastname@internet-content.org
Shop: http://shop.internet-content.net
Site: http://www.internet-content.net
Blog: http://www.internet-content.net/en/blog
FB: https://www.facebook.com/internetcontent

Reply With Quote
  #15  
Old 1st April 2013, 19:41
SamTzu SamTzu is offline
HowtoForge Supporter
 
Join Date: Apr 2007
Location: Helsinki
Posts: 426
Thanks: 33
Thanked 55 Times in 38 Posts
Send a message via Skype™ to SamTzu
Default

I turned on the BIND logging with
Quote:
rndc querylog
This is what the ns2 log shows. It's crazy.
Quote:
Apr 1 20:35:24 ns2 named[21291]: client 147.102.222.241#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 193.219.80.7#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 193.219.80.7#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 60.234.97.4#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 147.102.222.241#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 195.69.147.140#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 193.219.80.7#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 195.69.147.140#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 147.102.222.241#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 193.219.80.7#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 147.102.222.241#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 193.219.80.7#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 60.234.97.4#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 147.102.222.241#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 193.219.80.7#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 147.102.222.241#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 193.219.80.7#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 147.102.222.241#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 193.219.80.7#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 195.69.147.140#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 193.219.80.7#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 147.102.222.241#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 195.69.147.140#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 193.219.80.7#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 147.102.222.241#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 60.234.97.4#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 193.219.80.7#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 147.102.222.241#53: query: ripe.net IN ANY +ED (10.10.103.126)
Apr 1 20:35:24 ns2 named[21291]: client 193.219.80.7#53: query: ripe.net IN ANY +ED (10.10.103.126)
__________________

Sami Mattila
Internet-Content

Telephone:
00358942833310
Email: firstname.lastname@internet-content.org
Shop: http://shop.internet-content.net
Site: http://www.internet-content.net
Blog: http://www.internet-content.net/en/blog
FB: https://www.facebook.com/internetcontent

Reply With Quote
  #16  
Old 1st April 2013, 19:50
SamTzu SamTzu is offline
HowtoForge Supporter
 
Join Date: Apr 2007
Location: Helsinki
Posts: 426
Thanks: 33
Thanked 55 Times in 38 Posts
Send a message via Skype™ to SamTzu
Default

These 4 were consuming over 1Mbit bandwidth each. Firewall shows that they have used more than 1Gb bandwidth each in a very short time.
I blocked them with these commands...

Quote:
/sbin/iptables -I INPUT -s 195.69.147.140 -j DROP
/sbin/iptables -I INPUT -s 193.219.80.7 -j DROP
/sbin/iptables -I INPUT -s 60.234.97.4 -j DROP
/sbin/iptables -I INPUT -s 147.102.222.241 -j DROP
__________________

Sami Mattila
Internet-Content

Telephone:
00358942833310
Email: firstname.lastname@internet-content.org
Shop: http://shop.internet-content.net
Site: http://www.internet-content.net
Blog: http://www.internet-content.net/en/blog
FB: https://www.facebook.com/internetcontent


Last edited by SamTzu; 1st April 2013 at 19:54.
Reply With Quote
  #17  
Old 4th April 2013, 11:11
SamTzu SamTzu is offline
HowtoForge Supporter
 
Join Date: Apr 2007
Location: Helsinki
Posts: 426
Thanks: 33
Thanked 55 Times in 38 Posts
Send a message via Skype™ to SamTzu
 
Default

We were able to disable recursive option after reboot.
Looks like the attack did not originate from the IP in question but rather the attacker was using IP spoofing to attack it.
__________________

Sami Mattila
Internet-Content

Telephone:
00358942833310
Email: firstname.lastname@internet-content.org
Shop: http://shop.internet-content.net
Site: http://www.internet-content.net
Blog: http://www.internet-content.net/en/blog
FB: https://www.facebook.com/internetcontent

Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISPConfig 3 and secondary dns problems xzibiz Installation/Configuration 6 18th September 2012 07:57
ISPConfig DNS Network Solutions jameschump General 5 22nd March 2009 14:47
Loads of mysql connections to dbispconfig StrikerNL General 2 5th March 2009 14:31
Reverse DNS + SPF and ISPConfig as my DNS Server yurtboy1 General 1 6th November 2007 09:15
Adding domains to non-ISPConfig secondary DNS servers cstone Tips/Tricks/Mods 4 19th July 2006 14:25


All times are GMT +2. The time now is 22:28.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.