Open Resolver question - Not solved now!

I have the same problem as described in this post:

https://forum.linode.com/viewtopic.php?f=19&t=9537

My DNS server is acting as an unrestricted open resolver and

Unusually high network traffic

    03:41:34.743798 IP 62.141.41.104.40570 > 69.164.198.25.domain: 47790+ [1au] ANY? . (28)
    03:41:34.743820 IP 62.141.41.104.40570 > 69.164.198.25.domain: 47790+ [1au] ANY? . (28)
    03:41:34.743825 IP 62.141.41.104.40570 > 69.164.198.25.domain: 47790+ [1au] ANY? . (28)
    03:41:34.743844 IP 62.141.41.104.40570 > 69.164.198.25.domain: 47790+ [1au] ANY? . (28)
    03:41:34.743848 IP 62.141.41.104.40570 > 69.164.198.25.domain: 47790+ [1au] ANY? . (28)
    03:41:34.743868 IP 62.141.41.104.40570 > 69.164.198.25.domain: 47790+ [1au] ANY? . (28)
    03:41:34.743873 IP 62.141.41.104.40570 > 69.164.198.25.domain: 47790+ [1au] ANY? . (28)
    03:41:34.744031 IP 69.164.198.25.domain > 62.141.41.104.40570: 47790 14/13/23 Type46[|domain]
    03:41:34.744152 IP 69.164.198.25.domain > 62.141.41.104.40570: 47790 14/13/23 Type46[|domain]
    03:41:34.744160 IP 69.164.198.25.domain > 62.141.41.104.40570: 47790 14/13/23 Type46[|domain]
    03:41:34.744202 IP 69.164.198.25.domain > 62.141.41.104.40570: 47790 14/13/23 Type46[|domain]
    03:41:34.744215 IP 69.164.198.25.domain > 62.141.41.104.40570: 47790 14/13/23 Type46[|domain]
    03:41:34.744309 IP 69.164.198.25.domain > 62.141.41.104.40570: 47790 14/13/23 Type46[|domain]
    03:41:34.744477 IP 69.164.198.25.domain > 62.141.41.104.40570: 47790 14/13/23 Type46[|domain]
    03:41:34.744715 IP 69.164.198.25.domain > 62.141.41.104.40570: 47790 14/13/23 Type46[|domain]
    03:41:34.744765 IP 69.164.198.25.domain > 62.141.41.104.40570: 47790 14/13/23 Type46[|domain]
    03:41:34.744771 IP 69.164.198.25.domain > 62.141.41.104.40570: 47790 14/13/23 Type46[|domain]
    03:41:34.744925 IP 69.164.198.25.domain > 62.141.41.104.40570: 47790 14/13/23 Type46[|domain]
    03:41:34.745127 IP 69.164.198.25.domain > 62.141.41.104.40570: 47790 14/13/23 Type46[|domain]

I know this can be solved by editing the named.conf file and adding some rules. But I can't find this file on my server in the directory /etc/

My server is My CentOS 5.6 Profile (Latest 32 bit (3.9.3-x86-linode52)). I only installed Kloxo. No other programs.

Any advice will be appreciated. Thanks.

3 Replies

The first Google result that I get is http://www.maxofweb.com/2013/03/kloxo-dns-amplification-and-reflection.html

@mushget:

> My server is My CentOS 5.6 Profile (Latest 32 bit (3.9.3-x86-linode52)). I only installed Kloxo. No other programs.
>
> Any advice will be appreciated. Thanks.

I have Kloxo installed and I hate it. I'm going to move to something else at the end of this summer (when I have time to migrate all our sites to a different box Linode). If you're not married to Kloxo you may want to consider an alternative (I'm looking at one of these two related control panels: virtualmin.com or webmin.com).

I believe the file you're looking for is /var/named/chroot/etc/kloxo.named.conf

MSJ

Don't run an open resolver, you will get DNS amplification nonsense. If your named.conf isn't in /etc/bind it's most likely in a chroot jail. 'locate named.conf' should find it.

Add something like the following to named.conf.local or whatever the local editable file is on your system.

        allow-recursion {
                127.0.0.1;
                ::1;
        };

The above will only allow 127.0.0.1 and ::1 (IPv6 localhost) to perform recursive queries.
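An added example, not part of the thread: a Python sketch that reads tcpdump lines in the format shown in the original post and counts recursive `ANY` queries per source address, which is the traffic pattern an open resolver sees when it is used for amplification. The function name, the threshold, and the sample lines (built with documentation addresses) are assumptions made for illustration.

```python
import re
from collections import Counter

# Matches a tcpdump DNS *query* line such as:
# 03:41:34.743798 IP 192.0.2.10.40570 > 198.51.100.5.domain: 47790+ [1au] ANY? . (28)
# Responses do not match: their source port prints as "domain" and they carry no "TYPE?".
QUERY_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"\d+\.\d+\.\d+\.\d+\.(?:domain|53): "
    r"(?P<qid>\d+)(?P<flags>[+%*]*) (?:\[[^\]]*\] )?"
    r"(?P<qtype>[A-Za-z0-9]+)\? (?P<qname>\S+) \(\d+\)"
)

def suspicious_sources(lines, min_queries=5):
    """Return {source_ip: stats} for sources that sent at least
    min_queries recursive (RD flag, shown as '+') ANY queries."""
    counts = Counter()
    ids = {}
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if not m:
            continue  # response or unrelated line
        if m["qtype"].upper() != "ANY" or "+" not in m["flags"]:
            continue  # only recursive ANY queries are counted
        counts[m["src"]] += 1
        ids.setdefault(m["src"], set()).add(m["qid"])
    # A high count with very few distinct query IDs points to replayed,
    # likely spoofed, packets rather than a real client.
    return {
        src: {"any_queries": n, "distinct_ids": len(ids[src])}
        for src, n in counts.items()
        if n >= min_queries
    }

# Constructed sample input (documentation address ranges, not real hosts).
SAMPLE = [
    f"03:41:34.74380{i} IP 192.0.2.10.40570 > 198.51.100.5.domain: 47790+ [1au] ANY? . (28)"
    for i in range(6)
] + [
    "03:41:34.744031 IP 198.51.100.5.domain > 192.0.2.10.40570: 47790 14/13/23 Type46[|domain]",
    "03:41:35.100000 IP 203.0.113.7.53211 > 198.51.100.5.domain: 1234+ A? example.com. (29)",
]

if __name__ == "__main__":
    for src, stats in suspicious_sources(SAMPLE).items():
        print(src, stats)
```

Once `allow-recursion` is restricted as described above, the same capture should still show the incoming queries but no longer the large multi-record responses going back out.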
