linux – My DNS server is pushing 20mbps, why?

I'm running a DNS server in EC2, and yesterday, when I checked my billing dashboard and found 1.86 TB of data used this month, it was pushing about 20mbps. That is a big bill for my small project lab. I never noticed a drop in performance and never bothered to set up traffic thresholds, but I have now spent $200 on bandwidth.

It looks like someone is using my DNS server as part of an amplification attack, but I don't know how.

The configuration is below.

    // BBB.BBB.BBB.BBB = ns2.mydomain.com ip address

    options {
        listen-on port 53 { any; };
        // listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-transfer { BBB.BBB.BBB.BBB; };
        allow-query-cache { BBB.BBB.BBB.BBB; };
        allow-query { any; };
        allow-recursion { none; };

        empty-zones-enable no;
        forwarders { 8.8.8.8; 8.8.4.4; };

        fetch-glue no;
        recursion no;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
    };

    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "mydomain.com" IN {
        type master;
        file "zones/mydomain.com";
        allow-transfer { BBB.BBB.BBB.BBB; localhost; };
    };

Given this configuration, shouldn't I be refusing to answer any queries for zones I don't host locally? This server is the SOA for a few domains, but it is not used for lookups by my other servers (everyone points at OpenDNS or Google). Have I misconfigured something here, or forgotten something? My logs (63MB) are full of this:

    client 58.215.173.155#4444: query (cache) 'cpsc.gov/ANY/IN' denied
    client 58.215.173.155#4444: query (cache) 'cpsc.gov/ANY/IN' denied
    client 58.215.173.155#4444: query (cache) 'cpsc.gov/ANY/IN' denied
    client 58.215.173.155#4444: query (cache) 'cpsc.gov/ANY/IN' denied
    client 58.215.173.155#4444: query (cache) 'cpsc.gov/ANY/IN' denied
    client 58.215.173.155#4444: query (cache) 'cpsc.gov/ANY/IN' denied
    client 218.93.206.228#4444: query (cache) 'cpsc.gov/ANY/IN' denied
    client 218.93.206.228#4444: query (cache) 'cpsc.gov/ANY/IN' denied
    client 218.93.206.228#4444: query (cache) 'cpsc.gov/ANY/IN' denied
    client 218.93.206.228#4444: query (cache) 'cpsc.gov/ANY/IN' denied
    client 218.93.206.228#4444: query (cache) 'cpsc.gov/ANY/IN' denied
    client 218.93.206.228#4444: query (cache) 'cpsc.gov/ANY/IN' denied
    client 50.19.220.154#4444: query (cache) 'cpsc.gov/ANY/IN' denied
    client 50.19.220.154#4444: query (cache) 'cpsc.gov/ANY/IN' denied
    client 50.19.220.154#4444: query (cache) 'cpsc.gov/ANY/IN' denied
    client 50.19.220.154#4444: query (cache) 'cpsc.gov/ANY/IN' denied
    client 50.19.220.154#4444: query (cache) 'cpsc.gov/ANY/IN' denied
    client 50.19.220.154#4444: query (cache) 'cpsc.gov/ANY/IN' denied
    client 123.207.161.124#4444: query (cache) 'cpsc.gov/ANY/IN' denied
    client 123.207.161.124#4444: query (cache) 'cpsc.gov/ANY/IN' denied
    client 123.207.161.124#4444: query (cache) 'cpsc.gov/ANY/IN' denied
    client 123.207.161.124#4444: query (cache) 'cpsc.gov/ANY/IN' denied
    client 123.207.161.124#4444: query (cache) 'cpsc.gov/ANY/IN' denied
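One way to turn a log like the one above into a per-source picture, as an added example that is not part of the question and not BIND's own tooling: the script parses the `query ... denied` lines, counts ANY queries per client and records whether each client ever varies its source port. The embedded log sample is constructed to match the lines quoted above (same four addresses plus one benign-looking client); a path to a real named log can be given on the command line instead. The regular expression matches the log format shown in the question; newer BIND releases prepend extra fields to `client` lines and would need the pattern adjusted.

```python
import re
import sys
from collections import Counter

# Constructed sample in the shape of the question's named log lines. The IPs
# are the four quoted in the question plus one unrelated client; this is
# NOT the poster's 63 MB log.
SAMPLE_LOG = """\
client 58.215.173.155#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 58.215.173.155#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 58.215.173.155#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 58.215.173.155#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 218.93.206.228#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 218.93.206.228#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 218.93.206.228#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 50.19.220.154#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 50.19.220.154#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 50.19.220.154#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 123.207.161.124#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 123.207.161.124#4444: query (cache) 'cpsc.gov/ANY/IN' denied
client 203.0.113.7#51222: query (cache) 'www.example.org/A/IN' denied
zone mydomain.com/IN: loaded serial 2013010101
"""

# Matches the "client IP#port: query (cache) 'name/type/class' denied" shape
# seen in the question's log.
DENIED_RE = re.compile(
    r"client (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+): "
    r"query(?: \((?P<kind>\w+)\))? "
    r"'(?P<qname>[^/']+)/(?P<qtype>[A-Z0-9]+)/(?P<qclass>\w+)' denied"
)


def parse_denied_queries(log_text):
    """Return one dict per 'query ... denied' line; other lines are skipped."""
    records = []
    for line in log_text.splitlines():
        m = DENIED_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["port"] = int(rec["port"])
            records.append(rec)
    return records


def summarize_by_client(records, any_threshold=3):
    """Aggregate denied queries per source IP and flag likely reflection traffic.

    Two signals, both visible in the question's log excerpt:
      * repeated ANY queries (the type that yields the largest replies) for a
        name this server is not authoritative for;
      * a single fixed source port across every query from that IP, which is
        what a scripted packet generator produces, not a real resolver.
    In a reflection attack the source address is the spoofed *victim*, so the
    flagged IPs are where the amplified replies are going, not the attacker;
    blocking them mostly punishes the victim, so the fix belongs on the
    server side (rate limiting, smaller responses), not in a block list.
    """
    per_ip = {}
    for rec in records:
        e = per_ip.setdefault(rec["ip"], {
            "total": 0, "any_queries": 0, "ports": set(), "names": Counter()})
        e["total"] += 1
        e["ports"].add(rec["port"])
        e["names"][(rec["qname"], rec["qtype"])] += 1
        if rec["qtype"] == "ANY":
            e["any_queries"] += 1
    for e in per_ip.values():
        e["fixed_port"] = e["total"] > 1 and len(e["ports"]) == 1
        e["suspicious"] = e["any_queries"] >= any_threshold
    return per_ip


def suspicious_clients(per_ip):
    """Flagged IPs, busiest first."""
    return sorted((ip for ip, e in per_ip.items() if e["suspicious"]),
                  key=lambda ip: -per_ip[ip]["any_queries"])


def main(path=None):
    text = open(path).read() if path else SAMPLE_LOG
    per_ip = summarize_by_client(parse_denied_queries(text))
    for ip in suspicious_clients(per_ip):
        e = per_ip[ip]
        (name, qtype), _ = e["names"].most_common(1)[0]
        print(f"{ip:<16} {e['any_queries']:>5} ANY  fixed_port={e['fixed_port']}"
              f"  top={name}/{qtype}")


if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else None)
```

Run it against the sample and the three addresses with three or more ANY queries are listed; the threshold of three is an assumption for the sample and is far too low for a real log, where a count in the thousands per source is the kind of figure that explains 20mbps.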

Solution

Even if your server is set up to respond only to queries for which it is authoritative, it can still be used in an amplification attack – any query for a zone apex can trigger a fairly large UDP response, because zone apexes tend to have many records, especially SPF / DKIM / DNSSEC.

That is probably what is happening on your system – use tcpdump to confirm. If they are using your authoritative records in an amplification attack, your best options are to simply move to a new IP and hope they don't follow, to change your zone apex records so they make a less efficient amplification vector, or to implement response rate limiting (if your BIND supports it).
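As an added illustration of the response rate limiting the answer mentions (this is a model written for this page, not BIND's implementation and not part of the original answer), the following script applies the same ideas BIND's rate-limit feature uses: identical responses are counted per client /24, the credit refills at a fixed rate, and once it is exhausted every slip-th limited answer goes out as a small truncated (TC=1) reply so a legitimate client retries over TCP, where the source address cannot be spoofed, while the rest are dropped. The BIND stanza in the docstring uses the real option names; the numbers in it and in the demo are assumptions, not a recommendation from the answer.

```python
"""Token-bucket model of BIND response rate limiting (RRL).

Added illustration only. BIND's own equivalent (BIND 9.10 and later, also
in 9.9.4+ builds with RRL) goes in options {} or a view; these values are
an assumption, tune them for your own query rates:

    rate-limit {
        responses-per-second 5;   // identical responses per client /24 per second
        window 5;                 // seconds of credit that may accumulate
        slip 2;                   // every 2nd limited response is sent truncated
        log-only yes;             // dry run: log what would be limited, drop nothing
    };

Remove log-only once the log shows only the flood being limited.
"""
import ipaddress
from collections import Counter


class ResponseRateLimiter:
    def __init__(self, responses_per_second=5, window=5, slip=2,
                 ipv4_prefix_length=24, ipv6_prefix_length=56):
        self.rps = responses_per_second
        self.window = window
        self.slip = slip
        self.v4_prefix = ipv4_prefix_length
        self.v6_prefix = ipv6_prefix_length
        self._balance = {}    # key -> credits, may go negative while limited
        self._last_seen = {}  # key -> timestamp of last refill
        self._limited = {}    # key -> number of limited responses so far

    def _key(self, client_ip, qname, qtype):
        # RRL keys on the client *prefix* plus the response identity, so a
        # flood spread across a /24 of spoofed sources shares one bucket and
        # unrelated queries from the same network are not penalised.
        addr = ipaddress.ip_address(client_ip)
        plen = self.v4_prefix if addr.version == 4 else self.v6_prefix
        net = ipaddress.ip_network(f"{addr}/{plen}", strict=False)
        return (str(net), qname.rstrip(".").lower(), qtype.upper())

    def decide(self, ts, client_ip, qname, qtype):
        """Return 'send', 'slip' (truncated reply) or 'drop' for one response."""
        key = self._key(client_ip, qname, qtype)
        cap = self.rps * self.window
        if key not in self._balance:
            self._balance[key] = self.rps      # a new key starts with one second of credit
            self._last_seen[key] = ts
            self._limited[key] = 0
        elapsed = max(0.0, ts - self._last_seen[key])
        self._last_seen[key] = ts
        balance = min(cap, self._balance[key] + elapsed * self.rps)  # refill, capped
        balance = max(-cap, balance - 1)                             # spend one credit
        self._balance[key] = balance
        if balance >= 0:
            return "send"
        self._limited[key] += 1
        # A truncated reply is only a header, so even the slipped answers give
        # an attacker almost no amplification; a real client retries over TCP.
        if self.slip and self._limited[key] % self.slip == 0:
            return "slip"
        return "drop"


def run_demo():
    """Constructed burst: 50 identical ANY queries for the zone apex from one
    source within the same second, plus one query from an unrelated resolver.
    Returns a Counter of decisions."""
    rrl = ResponseRateLimiter(responses_per_second=5, window=5, slip=2)
    tally = Counter()
    for _ in range(50):
        tally[rrl.decide(0.0, "203.0.113.5", "mydomain.com", "ANY")] += 1
    tally[rrl.decide(0.0, "198.51.100.9", "mydomain.com", "ANY")] += 1
    return tally


if __name__ == "__main__":
    print(dict(run_demo()))   # 6 sent, 22 truncated, 23 dropped
```

The demo shows the effect the answer is after: of 51 queries in one second only 6 full-size responses leave the server, and the unrelated resolver's query is unaffected because it lands in its own bucket. Whether your BIND has the feature is visible in `named -V`, and the `log-only` setting lets you watch the decision stream before anything is actually dropped.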
