TPS FC4, DNS server abused

Discussion in 'HOWTO-Related Questions' started by Hagforce, Mar 6, 2007.

  1. Hagforce

    Hagforce New Member

    Hello

    The DNS on my server has been abused in a DDoS attack.
    My server is open for DNS Recursion.

    How could I solve this problem?
     
  2. martinfst

    martinfst HowtoForge Supporter

    Add/uncomment the following to the options part of your bind.conf (or bind.conf.options)
    Code:
            // By default, name servers should only perform recursive domain
            // lookups for their direct clients.  If recursion is left open
            // to the entire Internet, your name server could be used to
            // perform distributed denial of service attacks against other
            // innocent computers.  For more information on DDoS recursion:
            // http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0987
    
            allow-recursion { localnets; };
    
    Check your system with http://www.dnsstuff.com
     
  3. Hagforce

    Hagforce New Member

    Thank you very much.

    So I would add to the file

    Code:
     allow-recursion { 127.0.0.1; 85.213.56.0/24; 85.213.59.0/24; 85.213.73.0/24; 85.214.16.0/24; };
    But where is that file? I can find some named.conf files, but the "allow-recursion" parameter is not there.

    Is this enough to secure the DNS, or would you also recommend other measures?
     
  4. edge

    edge HowtoForge Supporter

    If you are using ISPconfig, you will need to set it in:
    /root/ispconfig/isp/conf/named.conf.master

    If you do not use ISPconfig, the named.conf is located in /etc/bind

    What I normally do (as suggested by martinfst) is I add the following to the named.conf.master
    Make sure that you add it within the options part!
    Code:
    allow-recursion {
    localhost;
    };
    So the options part should look like this:

    Code:
    options {
            pid-file "/var/run/bind/run/named.pid";
            directory "{BINDDIR}";
            auth-nxdomain no;
            /*
             * If there is a firewall between you and nameservers you want
             * to talk to, you might need to uncomment the query-source
             * directive below.  Previous versions of BIND always asked
             * questions using port 53, but BIND 8.1 uses an unprivileged
             * port by default.
             */
            // query-source address * port 53;
    
            allow-recursion {
                    localhost;
            };
    
    };
    
    If you want to add people to the list who are allowed to use your DNS, add their IPs below the localhost; line:
    Code:
    10.0.0.10;
    10.0.0.20;

    Make sure that you restart BIND to make it read the new settings.
     
  5. Hagforce

    Hagforce New Member

    Thank you very much.

    I have added the

    Code:
    allow-recursion {
    localhost;
    };
    to my named.conf.master as I use ISPConfig.

    And restarted named:

    Code:
    /etc/init.d/named restart
    But when I set the server's IP as DNS on a computer, I was still able to use it for DNS.
    Is this right?

    I have some networks which use this server as DNS. Should I add these networks under localhost; like this?

    Code:
    allow-recursion {
    localhost;
    85.213.56.0/24;
    85.213.59.0/24;
    85.213.73.0/24;
    };
     
  6. martinfst

    martinfst HowtoForge Supporter

    You need to rebuild the dns files after changing the master template. See http://www.howtoforge.com/forums/showpost.php?p=63605&postcount=6 for a brief howto, which I think will work.

    Yes
     
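A way to verify the result yourself instead of relying on an external site (the check martinfst suggests in post 2, and the question in post 5 of whether the server still answers recursive queries): the script below is an added example, not code from this thread. It sends a recursion-desired query to a name server and classifies the reply from the header flags; run it from a host that is NOT in your allow-recursion list, where a correctly restricted BIND should refuse recursion. The server address is a command-line argument; the two response byte strings are constructed for offline testing.

```python
import socket
import struct

def build_query(name: str, qid: int = 0x1234) -> bytes:
    """Build a plain A/IN query with only the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)   # flags 0x0100 = RD
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)           # QTYPE=A, QCLASS=IN

def parse_header(data: bytes) -> dict:
    """Decode the 12-byte DNS header fields relevant to the recursion check."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    return {
        "id": qid,
        "ra": bool(flags & 0x0080),    # RA: server offers recursion to this client
        "rcode": flags & 0x000F,       # 0 = NOERROR, 5 = REFUSED
        "ancount": an,
    }

def classify(response: bytes) -> str:
    """Map a response to a verdict: did the server recurse for us or not?"""
    h = parse_header(response)
    if h["ra"] and h["rcode"] == 0 and h["ancount"] > 0:
        return "open-recursion"          # it resolved a foreign name for us
    if h["rcode"] == 5 or not h["ra"]:
        return "recursion-restricted"    # REFUSED or RA cleared: allow-recursion works
    return "inconclusive"

def check_server(server: str, name: str = "example.com", timeout: float = 3.0) -> str:
    """Network check: query a name the server is not authoritative for."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(512)
    return classify(data)

# Constructed sample responses (headers only) for offline use:
OPEN_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)     # QR RD RA, NOERROR, 1 answer
REFUSED_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)  # QR RD, no RA, REFUSED

if __name__ == "__main__":
    import sys
    print(check_server(sys.argv[1]) if len(sys.argv) > 1 else classify(OPEN_RESPONSE))
```

Remember that a client inside the listed networks (as in post 5) is supposed to get recursion; only a query from outside them tells you whether the server is still an open resolver.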
