Date: Wed, 3 Jun 2015 18:04:53 -0700 From: Jeffry Killen <jekillen@prodigy.net> To: Dennis Glatting <freebsd@pki2.com> Cc: joeb1 <joeb1@a1poweruser.com>, "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: port 53 under attack Message-ID: <A9520F76-8929-4F72-8F04-F5285316640F@prodigy.net> In-Reply-To: <1433375821.72071.40.camel@pki2.com> References: <556F87A6.8090105@a1poweruser.com> <1433375821.72071.40.camel@pki2.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jun 3, 2015, at 4:57 PM, Dennis Glatting wrote: > On Wed, 2015-06-03 at 19:03 -0400, joeb1 wrote: >> Hello list >> : >> My firewall blocks unsolicited inbound traffic on port 53. I realize >> this is the DNS port. But I am getting over 200K hits per day from >> ip >> addresses from all over the world. My host has a dynamic ip >> address. Is >> there any valid reason for this to be happening? > > You could be used as a DOS amplifier. > If you are using bind for dns server, and are familiar with how it is configured check to see if you have anything that would allow dns query forwarding. It may not be you in particular, but your dns server is being used as a proxy to forward requests. I have seen that when I was running servers with static ip addresses. As I recall it was my secondary server that was being used to forward dns queries. I was on a dsl connection to my ISP and it was noticable and annoying. HTH JK
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?A9520F76-8929-4F72-8F04-F5285316640F>