
Re: DNS hits



On Sat, Feb 11, 2017 at 2:07 PM, Henning Follmann <hfollmann@itcfollmann.com> wrote:

> Actually the current Bind in stable is just a blessing in this respect.
> It -by default- just allows recursion for localnet, localhost.

This server is still Wheezy. The virtual websites didn't work on Jessie Apache (I have no idea why yet).
 
> So if you don't mess with it at all it does the right thing automagically.

> Most likely if you remove anything you tried to configure in the options it
> will work just the way you want.

I'd already done what Eduardo suggested in his post (config BIND to allow recursion from only a specified list of IPs), and all was well -- as soon as I tested it properly.


FWIW, I ran dnstop for a while. I saw quite a bit of my own server at first, but over a few minutes, its output turned into a list of hits on my domains. Almost all from the 52, 54 area (AWS). I don't know, but I assume dnstop is looking at packets before iptables processes them. If not, something is still badly broken.

Also FWIW, at GitHub there's a very nice shell script that downloads, from Amazon, a list of the nets in AWS, creates iptables DROP commands for them, and enters the commands into your iptables filter. Takes a little futzing to make it run on Wheezy, but it runs out of the box on Jessie:

https://github.com/corbanworks/aws-blocker/blob/master/aws-blocker


The router seems reasonably quiet right now. Maybe the script kiddies are all at church, praying for their souls...

--
Glenn English
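The approach Glenn describes (pull Amazon's published prefix list, turn it into iptables DROP rules) as an added example; this is not the aws-blocker script linked above nor code from the post. It uses only grep/sed so it runs on an old Wheezy box without jq, and it narrows the rules to port 53 instead of dropping all traffic, since the problem in the thread is unwanted recursive DNS queries, not AWS traffic in general. The JSON below is a constructed excerpt in the same shape as Amazon's real ip-ranges.json (a "prefixes" array of objects with an "ip_prefix" key); the chain name AWS-DNS-BLOCK is an assumption.

```shell
#!/bin/sh
# Added example: build iptables rules that drop inbound DNS queries from
# AWS address ranges. Amazon publishes the real list at
# https://ip-ranges.amazonaws.com/ip-ranges.json; the sample below is a
# constructed excerpt in that format so the script runs offline.

sample_ip_ranges() {
  cat <<'EOF'
{
  "syncToken": "0000000000",
  "createDate": "2017-02-11-00-00-00",
  "prefixes": [
    { "ip_prefix": "52.0.0.0/15", "region": "us-east-1", "service": "AMAZON" },
    { "ip_prefix": "54.0.0.0/16", "region": "us-east-1", "service": "EC2" },
    { "ip_prefix": "54.0.0.0/16", "region": "us-east-1", "service": "AMAZON" }
  ]
}
EOF
}

# Read ip-ranges.json on stdin, print each distinct IPv4 prefix on its own line.
# The real file lists the same prefix once per service, hence sort -u.
# "ipv6_prefix" entries are not matched by this pattern, so only IPv4 is emitted.
aws_prefixes() {
  grep -o '"ip_prefix": *"[^"]*"' | sed 's/.*"\([^"]*\)"$/\1/' | sort -u
}

# Read prefixes on stdin and print (not run) the iptables commands.
# A dedicated chain (assumed name AWS-DNS-BLOCK) lets the list be flushed and
# rebuilt whenever Amazon updates it without disturbing the rest of INPUT.
# Only UDP/TCP port 53 is dropped, so web visitors behind AWS-hosted proxies
# still reach the virtual hosts on the same box.
build_dns_block_rules() {
  chain=${1:-AWS-DNS-BLOCK}
  printf 'iptables -N %s 2>/dev/null || iptables -F %s\n' "$chain" "$chain"
  while read -r prefix; do
    [ -n "$prefix" ] || continue
    printf 'iptables -A %s -s %s -p udp --dport 53 -j DROP\n' "$chain" "$prefix"
    printf 'iptables -A %s -s %s -p tcp --dport 53 -j DROP\n' "$chain" "$prefix"
  done
  # Hook the chain into INPUT once; -C checks whether the jump already exists.
  printf 'iptables -C INPUT -j %s 2>/dev/null || iptables -I INPUT -j %s\n' "$chain" "$chain"
}

# Demonstration on the constructed sample; with the live list you would run
#   curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | aws_prefixes | build_dns_block_rules
# review the output, and only then pipe it to sh as root.
sample_ip_ranges | aws_prefixes | build_dns_block_rules
```

The script prints the commands rather than executing them, so the rule set can be reviewed (and diffed against the previous run) before it touches the firewall. Note that, as Glenn observed with dnstop, a packet capture sees queries before the INPUT chain drops them, so dnstop will keep showing the AWS sources even once these rules are in place; check the chain's packet counters with iptables -L AWS-DNS-BLOCK -v -n to confirm the drops are happening.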
