I am running a DNS server in EC2, and yesterday, when I checked my billing dashboard and found 1.86 TB of data used this month, it was pushing about 20 Mbps. That is a big bill for my small project lab. I never noticed any performance degradation and never bothered to set up traffic thresholds, but I have now run up $200 in bandwidth charges.
It seems someone is using my DNS server as part of an amplification attack, but I don't know how.
The configuration is below.
```
// BBB.BBB.BBB.BBB = ns2.mydomain.com ip address
options {
    listen-on port 53 { any; };
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-transfer { BBB.BBB.BBB.BBB; };
    allow-query-cache { BBB.BBB.BBB.BBB; };
    allow-query { any; };
    allow-recursion { none; };
    empty-zones-enable no;
    forwarders { 8.8.8.8; 8.8.4.4; };
    fetch-glue no;
    recursion no;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "mydomain.com" IN {
    type master;
    file "zones/mydomain.com";
    allow-transfer { BBB.BBB.BBB.BBB; localhost; };
};
```
Given this configuration, shouldn't I be refusing to answer any queries for zones I don't host locally? This server is the SOA for several domains, but it is not used as a resolver by my other servers (everyone points at OpenDNS or Google). Have I misconfigured something here, or have I forgotten something? My log (63 MB) is full of this:
```
client 58.215.173.155#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 58.215.173.155#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 58.215.173.155#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 58.215.173.155#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 58.215.173.155#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 58.215.173.155#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 218.93.206.228#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 218.93.206.228#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 218.93.206.228#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 218.93.206.228#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 218.93.206.228#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 218.93.206.228#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 50.19.220.154#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 50.19.220.154#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 50.19.220.154#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 50.19.220.154#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 50.19.220.154#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 50.19.220.154#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 123.207.161.124#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 123.207.161.124#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 123.207.161.124#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 123.207.161.124#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 123.207.161.124#4444: query (cache) 'cpsc.gov/ANY/IN' denied
```
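The kind of triage a practitioner would run over a log like the one above, as an added example that is not part of the original post: a small Python script that parses BIND's "query ... denied" lines, counts refused queries per source, flags sources that repeatedly ask for amplification-friendly record types (ANY, TXT, DNSKEY, RRSIG), and lists source ports shared by many distinct clients. The sample log embedded in the script is constructed to mirror the post's lines (four addresses, all using port 4444, all asking `cpsc.gov/ANY`) plus one unrelated refused A lookup; the thresholds (`min_queries`, `min_clients`) are assumptions to tune for a real log.

```python
"""Triage BIND "query ... denied" log lines for DNS reflection abuse.

Added example; this is not code from the original post. It parses the log
format shown in the question and reports, per source address, how many
queries were refused and how many of them asked for record types whose
responses are large enough to be useful for amplification. It also
surfaces source ports shared by many distinct clients: genuine resolvers
pick a random port per query, while spoofing tools often hard-code one.
"""
import re
from collections import Counter, defaultdict

# Refused-query line as emitted by named; the timestamp and category
# fields that BIND normally prefixes are tolerated because we search,
# not match, from the start of the line.
DENIED_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+): "
    r"query \((?P<kind>[^)]*)\) "
    r"'(?P<qname>[^/']+)/(?P<qtype>[A-Z0-9]+)/(?P<qclass>[A-Z]+)' denied"
)

# Record types attackers favour for reflection: the answer is many times
# larger than the question.
AMPLIFYING_TYPES = frozenset({"ANY", "TXT", "DNSKEY", "RRSIG"})

# Constructed sample log in the same shape as the lines in the post, plus a
# benign refused A lookup from an unrelated address so that the threshold
# has something to leave alone.
SAMPLE_LOG = """\
client 58.215.173.155#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 58.215.173.155#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 58.215.173.155#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 218.93.206.228#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 218.93.206.228#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 218.93.206.228#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 50.19.220.154#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 50.19.220.154#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 50.19.220.154#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 123.207.161.124#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 123.207.161.124#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 203.0.113.9#51234: query (cache) 'example.net/A/IN' denied
"""


def parse_denied(text):
    """Return one dict per refused-query line; non-matching lines are skipped."""
    records = []
    for line in text.splitlines():
        m = DENIED_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["port"] = int(rec["port"])
            records.append(rec)
    return records


def per_source(records):
    """Count refused queries per client address."""
    return Counter(r["ip"] for r in records)


def reflection_suspects(records, min_queries=3):
    """Sources that sent at least min_queries refused queries for
    amplification-friendly record types, as (ip, count) sorted by count."""
    counts = Counter(r["ip"] for r in records if r["qtype"] in AMPLIFYING_TYPES)
    hits = [(ip, n) for ip, n in counts.items() if n >= min_queries]
    return sorted(hits, key=lambda item: (-item[1], item[0]))


def shared_source_ports(records, min_clients=3):
    """Source ports used by at least min_clients distinct addresses."""
    clients_by_port = defaultdict(set)
    for r in records:
        clients_by_port[r["port"]].add(r["ip"])
    return sorted(p for p, ips in clients_by_port.items() if len(ips) >= min_clients)


if __name__ == "__main__":
    recs = parse_denied(SAMPLE_LOG)
    print(f"{len(recs)} refused queries from {len(per_source(recs))} sources")
    for ip, n in reflection_suspects(recs):
        print(f"  suspect {ip}: {n} amplification-type queries")
    print("source ports shared across clients:", shared_source_ports(recs))
```

To run it against a real file, replace `SAMPLE_LOG` with the contents of the query log; the parser ignores lines it does not recognise. Note that a "denied" line still means named sent a REFUSED response to the (possibly spoofed) source, so the count per source is a lower bound on the packets the server reflected, not a count of queries it silently dropped.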