Hi there,

On Tue, 26 Jul 2016, Ejaz wrote:

> There is huge traffic coming out from my DNS server since yesterday and
> flooding the IP 212.107.121.110 ...

Are you able to let us see your bind configuration?

This might be IP spoofing, an attempted DOS attack on the IP.

Is there any reason why that IP should be allowed to query your
nameserver?  If not, then you should change your configuration so
that only those clients who are expected to query the server are
allowed to do so.  The 'acl', 'allow-query' and 'allow-recursion'
directives for the BIND configuration file enable you to do this.

What operating system are you running on your server?  If all else
fails, in most cases it will be trivial to implement a local firewall
rule or two - at least as a temporary measure until the, er, root of
the problem is discovered and solved.  Consider the TARPIT target. :)

--

73,
Ged.
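
An added example, not part of Ged's message: a named.conf fragment showing how the 'acl', 'allow-query' and 'allow-recursion' directives restrict who may query the server, with the open-resolver setting shown commented out beside the restricted one. The address ranges, ACL name, zone name and zone file name are constructed placeholders; 'allow-query-cache' is an additional BIND directive not mentioned in the message.

```conf
// named.conf fragment (added example; all addresses and names are placeholders)

// Clients that are expected to use this server as a resolver.
acl "trusted" {
    localhost;           // built-in ACL: the server itself
    localnets;           // built-in ACL: directly attached networks
    192.0.2.0/24;        // constructed example: internal LAN
};

options {
    // Weak setting: answers and recurses for anyone, so spoofed queries
    // make the server send its replies to a third party.
    //   allow-query     { any; };
    //   allow-recursion { any; };

    // Restricted setting: only the expected clients are served.
    allow-query       { trusted; };
    allow-recursion   { trusted; };
    allow-query-cache { trusted; };   // keep cached answers private as well
};

// If the server is also authoritative for a public zone, open queries
// for that zone only; recursion stays limited by the options block.
zone "example.com" {
    type master;
    file "example.com.zone";
    allow-query { any; };
};
```

Check the syntax with named-checkconf before loading the change with rndc reconfig.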