On Sun, Apr 12, 2020 at 01:41:52AM +0000, sir izake <siriz...@gmail.com> wrote a message of 153 lines which said:
> At specific times of day bind fails to respond to queries even > though service is shown to run (configured to respond to my network > IPs, this works fine till this time when service fails to answer > queries) The problem may be because of another component in your network. Are you sure there is not some sort of firewall or IPS in front of BIND, which decided to drop packets? Check with tcpdump or similar tools that the machine with BIND does receive the queries. > Apr 11 22:38:09 ##### kernel: TCP: request_sock_TCP: Possible SYN flooding > on port 53. Sending cookies. Check SNMP counters. This may indeed be a DoS attack but may be not. Check with tcpdump what sort of traffic you receive. Also, the message is for TCP but DNS works mostly with UDP so it may has nothing to do with your problem. > Could log point to DDoS attack ( how do i mitigate) It depends. There is no general rule to deal wih DoS attacks, you need to investigate first. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
