bytes not more than that??
Ejaz
-Original Message-
From: S Carr [mailto:sjc...@gmail.com]
Sent: Wednesday, July 27, 2016 4:58 PM
To: Ejaz
Cc: bind-users
Subject: Re: outgoing-traffic
On 27 July 2016 at 14:44, Ejaz wrote:
Such as, if someone is sending ANY request, by default
2016 10:51 AM
> To: Ejaz
> Cc: bind-users
> Subject: Re: outgoing-traffic
>
> On 27 July 2016 at 08:41, Ejaz wrote:
> > Thanks for all.
> >
> > But the strange thing is that if the request comes on 53 port then
> > it should go only from 53 is it?? Why goes out
On 27 July 2016 at 15:10, Matus UHLAR - fantomas wrote:
however, if no responses will come from his server, it's more likely that
the queries will stop.
On 27.07.16 15:19, S Carr wrote:
If you look at the capture there doesn't appear to be any responses
being sent for the ANY queries to start
On 27 July 2016 at 15:10, Matus UHLAR - fantomas wrote:
> however, if no responses will come from his server, it's more likely that
> the queries will stop.
If you look at the capture there doesn't appear to be any responses
being sent for the ANY queries to start with, yet the queries keep
comin
sponse also 50 bytes not more than that??
Ejaz
-Original Message-
From: S Carr [mailto:sjc...@gmail.com]
Sent: Wednesday, July 27, 2016 4:58 PM
To: Ejaz
Cc: bind-users
Subject: Re: outgoing-traffic
On 27 July 2016 at 14:44, Ejaz wrote:
> Such as, if someone is sending ANY req
On 27 July 2016 at 14:44, Ejaz wrote:
Such as, if someone is sending ANY request, by default it should be denied
when users request it..
On 27.07.16 14:57, S Carr wrote:
Denying the request isn't going to solve anything in this case, they
are still going to repeatedly ask for it and
PM
To: Ejaz
Cc: 'bind-users'
Subject: Re: outgoing-traffic
Am 27.07.2016 um 15:55 schrieb Ejaz:
> You mean I need to downgrade my bind to 9.11, as my current version is
> "*BIND 9.9.2-P1"*
in which country is 11 smaller than 9
9.11 is the *next* upcoming versio
On 27 July 2016 at 14:44, Ejaz wrote:
> Such as, if someone is sending ANY request, by default it should be denied
> when users request it..
Denying the request isn't going to solve anything in this case, they
are still going to repeatedly ask for it and the traffic has already
hit your
Hello,
You mean I need to downgrade my bind to 9.11, as my current version is "BIND
9.9.2-P1"
Ejaz
-Original Message-
From: Tony Finch [mailto:d...@dotat.at]
Sent: Wednesday, July 27, 2016 4:49 PM
To: Ejaz
Cc: 'S Carr' ; 'bind-users'
Ejaz wrote:
>
> Such as, if someone is sending ANY request, by default it should be
> denied when users request it..
BIND 9.11 will have a minimal-any option.
https://tools.ietf.org/html/draft-ietf-dnsop-refuse-any
https://lists.isc.org/pipermail/bind-users/2016-July/097226.html
Tony.
--
sending ANY request, by default it should be denied
when users request it..
Ejaz
-Original Message-
From: S Carr [mailto:sjc...@gmail.com]
Sent: Wednesday, July 27, 2016 4:19 PM
To: Ejaz
Cc: bind-users
Subject: Re: outgoing-traffic
On 27 July 2016 at 13:33, Ejaz wrote
On 27 July 2016 at 13:33, Ejaz wrote:
> Thank you so much Abdul for your instant support.
>
> As requested, find the attached.
So the 3 IPs (212.118.122.99-101) are continuously sending ANY
requests for cpsc.gov
No responses I can see are going from port 0, they are coming in on 53
and BIND is re
3:04 PM
>To: Ejaz ; 'S Carr'
>Cc: bind-users@lists.isc.org
>Subject: RE: outgoing-traffic
>
>You can use tcpdump on your DNS server to take the trace.
>
>Command would be like below.
>
>tcpdump -i any port 53 -w trace.pcap
>
>You can share trace.pc
:sjc...@gmail.com]
>Sent: Wednesday, July 27, 2016 10:51 AM
>To: Ejaz
>Cc: bind-users
>Subject: Re: outgoing-traffic
>
>On 27 July 2016 at 08:41, Ejaz wrote:
>> Thanks for all.
>>
>> But the strange thing is that if the request comes on 53 port then it
>
-Original Message-
From: S Carr [mailto:sjc...@gmail.com]
Sent: Wednesday, July 27, 2016 10:51 AM
To: Ejaz
Cc: bind-users
Subject: Re: outgoing-traffic
On 27 July 2016 at 08:41, Ejaz wrote:
> Thanks for all.
>
> But the strange thing is that if the request comes on 53 port then it
On 27 July 2016 at 08:41, Ejaz wrote:
> Thanks for all.
>
> But the strange thing is that if the request comes on 53 port then it should
> go only from 53 is it?? Why goes out from 0, any clue would be highly
> appreciated.
>
> Regards
> Ejaz
Where's the packet capture to review?
PM
To: S Carr
Cc: Ejaz ; bind-users
Subject: Re: outgoing-traffic
S Carr wrote:
>
> You might want to check whether the requests are legitimate before
> completely blocking them, rate limiting would be a better option.
Remember this is TCP traffic.
RRL is designed to deal with sp
In message , Tony Finch
writes:
> S Carr wrote:
> >
> > You might want to check whether the requests are legitimate before
> > completely blocking them, rate limiting would be a better option.
>
> Remember this is TCP traffic.
>
> RRL is designed to deal with spoofed UDP traffic. It can actual
S Carr wrote:
>
> You might want to check whether the requests are legitimate before
> completely blocking them, rate limiting would be a better option.
Remember this is TCP traffic.
RRL is designed to deal with spoofed UDP traffic. It can actually make
non-spoofed floods worse, because RRL push
Hi there,
On Tue, 26 Jul 2016, Ejaz wrote:
There is huge traffic coming out from my DNS server since yesterday and
flooding the IP 212.107.121.110 ...
Are you able to let us see your bind configuration?
This might be IP spoofing, an attempted DOS attack on the IP.
Is there any reason why
Thanks for all the comments.
One more thing I can control it through rate limit or block whole but the
same thing happened to another network will be problem ??
See the packet capture from the network device the outgoing traffic passing
from 0 port instead of 53. Why is that any clue
On 26 July 2016 at 09:53, Tony Finch wrote:
> Ejaz wrote:
>>
>> I am not using iptable firewall from my redhat Linux box, all traffic
>> managed by network team..
You might want to check whether the requests are legitimate before
completely blocking them, rate limiting would be a better option.
Ejaz wrote:
>
> I am not using iptable firewall from my redhat Linux box, all traffic
> managed by network team..
Well then, you should co-operate with them to fix the problem.
You might find that it helps to put the following in the options{} section
of named.conf, but I'm not sure if it will
org
Subject: Re: outgoing-traffic
Am 26.07.2016 um 10:30 schrieb Ejaz:
> I am not using iptable firewall from my redhat Linux box, all
> traffic managed by network team..
what you currently do doesn't matter - you have a problem and got a solution
(which should be used on any host besi
I am not using iptable firewall from my redhat Linux box, all traffic
managed by network team..
Ejaz
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of
Abdul Khader
Sent: Tuesday, July 26, 2016 11:21 AM
To: bind-users@lists.isc.org
Subject: Re: outgoing-traffic
You can use iptables to rate-limit the IP.
On 7/26/2016 12:11 PM, Ejaz wrote:
All.
There is huge traffic coming out from my DNS server since yesterday
and flooding the IP 212.107.121.110, though I have increased the
limitation of tcp-clients in named.conf but still the issue. any help
wo
All.
There is huge traffic coming out from my DNS server since yesterday and
flooding the IP 212.107.121.110, though I have increased the limitation of
tcp-clients in named.conf but still the issue. any help would be highly
appreciated.
My bind version is
[root@ns10 ~]# named -v