Ok Stephane

There's no firewall or IPS in front of the DNS. Only the CentOS firewall policy permitting DNS traffic.

Sure, I will take the tcpdump and revert

Thanks & Best Regards
Isaac

On Sun, 12 Apr 2020, 3:48 pm Stephane Bortzmeyer, <bortzme...@nic.fr> wrote:

> On Sun, Apr 12, 2020 at 01:41:52AM +0000,
> sir izake <siriz...@gmail.com> wrote
> a message of 153 lines which said:
>
> > At specific times of day bind fails to respond to queries even
> > though service is shown to run (configured to respond to my network
> > IPs, this works fine till this time when service fails to answer
> > queries)
>
> The problem may be because of another component in your network. Are
> you sure there is not some sort of firewall or IPS in front of BIND,
> which decided to drop packets? Check with tcpdump or similar tools
> that the machine with BIND does receive the queries.
>
> > Apr 11 22:38:09 ##### kernel: TCP: request_sock_TCP: Possible SYN flooding
> > on port 53. Sending cookies. Check SNMP counters.
>
> This may indeed be a DoS attack but may be not. Check with tcpdump
> what sort of traffic you receive. Also, the message is for TCP but DNS
> works mostly with UDP so it may have nothing to do with your problem.
>
> > Could log point to DDoS attack ( how do I mitigate)
>
> It depends. There is no general rule to deal with DoS attacks, you need
> to investigate first.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
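The tcpdump check suggested in the quoted reply (do the queries reach the BIND host, and is the port 53 traffic UDP queries or TCP SYNs), worked through as an added example that is not part of the thread. The capture lines, the addresses and the `summarize` helper are constructed for illustration, assuming the text format printed by `tcpdump -nn port 53`.

```python
import re
from collections import Counter

SERVER = "198.51.100.53"  # constructed address standing in for the BIND host
# Constructed sample in the text format printed by `tcpdump -nn port 53`.
SAMPLE = """\
22:38:01.100000 IP 192.0.2.10.40001 > 198.51.100.53.53: 1234+ A? example.com. (29)
22:38:01.100500 IP 198.51.100.53.53 > 192.0.2.10.40001: 1234 1/0/0 A 203.0.113.5 (45)
22:38:02.200000 IP 192.0.2.11.40002 > 198.51.100.53.53: 777+ AAAA? example.net. (29)
22:38:09.000001 IP 203.0.113.77.51000 > 198.51.100.53.53: Flags [S], seq 1000, win 64240, length 0
22:38:09.000050 IP 198.51.100.53.53 > 203.0.113.77.51000: Flags [S.], seq 5000, ack 1001, win 65160, length 0
22:38:10.000000 IP 192.0.2.10.40100 > 198.51.100.53.53: Flags [S], seq 3000, win 64240, length 0
22:38:10.000050 IP 198.51.100.53.53 > 192.0.2.10.40100: Flags [S.], seq 7000, ack 3001, win 65160, length 0
22:38:10.000400 IP 192.0.2.10.40100 > 198.51.100.53.53: Flags [.], ack 7001, win 502, length 0
"""
LINE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): (.*)$")

def summarize(text, server=SERVER):
    """Count UDP queries seen/unanswered and TCP handshakes left half-open."""
    pending_udp, half_open, syns, udp_queries = set(), set(), 0, 0
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src, sport, dst, dport, rest = m.groups()
        inbound = dst == server and dport == "53"
        outbound = src == server and sport == "53"
        flags = re.match(r"Flags \[([^\]]+)\]", rest)
        if flags:                                    # TCP segment
            if inbound and flags.group(1) == "S":    # bare SYN from a client
                syns += 1
                half_open.add((src, sport))
            elif inbound and flags.group(1) in (".", "P."):
                half_open.discard((src, sport))      # client finished the handshake
            continue
        qid = re.match(r"\d+", rest)                 # UDP DNS lines start with the query id
        if qid and inbound and "? " in rest:         # "A? name" marks a question
            udp_queries += 1
            pending_udp.add((src, sport, qid.group()))
        elif qid and outbound:                       # answer: clear the matching query
            pending_udp.discard((dst, dport, qid.group()))
    return {
        "udp_queries": udp_queries,                  # queries that reached the host
        "udp_unanswered": len(pending_udp),          # reached the host, no reply seen
        "tcp_syn": syns,
        "half_open_by_source": dict(Counter(s for s, _ in half_open)),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

If `udp_queries` is zero during an outage, the queries are not reaching the machine at all; a nonzero `udp_unanswered` with queries arriving points at the server side instead.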