From owner-freebsd-questions@FreeBSD.ORG Thu Jun 4 01:07:28 2015
From: Jeffry Killen
To: Dennis Glatting
Cc: joeb1, "freebsd-questions@freebsd.org"
Subject: Re: port 53 under attack
Date: Wed, 3 Jun 2015 18:04:53 -0700
In-Reply-To: <1433375821.72071.40.camel@pki2.com>
References: <556F87A6.8090105@a1poweruser.com> <1433375821.72071.40.camel@pki2.com>

On Jun 3, 2015, at 4:57 PM, Dennis Glatting wrote:

> On Wed, 2015-06-03 at 19:03 -0400, joeb1 wrote:
>> Hello list
>> :
>> My firewall blocks unsolicited inbound traffic on port 53. I realize
>> this is the DNS port. But I am getting over 200K hits per day from ip
>> addresses from all over the world. My host has a dynamic ip address. Is
>> there any valid reason for this to be happening?
>
> You could be used as a DOS amplifier.
>

If you are using bind for dns server, and are familiar with how it is configured, check to see if you have anything that would allow dns query forwarding. It may not be you in particular, but your dns server is being used as a proxy to forward requests. I have seen that when I was running servers with static ip addresses. As I recall it was my secondary server that was being used to forward dns queries. I was on a dsl connection to my ISP and it was noticeable and annoying.

HTH
JK
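
Added example, not part of the original message or of BIND itself: a minimal Python check for the settings the reply says to look for, run over two constructed `named.conf` fragments. It assumes BIND 9's `recursion`, `allow-recursion`, `allow-query-cache` and `forwarders` statements in a single `options` block (no `view` or `include` handling); the function names are illustrative.

```python
import re

# Constructed sample configs (not from the thread); addresses are documentation ranges.
OPEN_CONF = """
options {
    recursion yes;
    allow-recursion { any; };    // recursive answers for any source
    forwarders { 192.0.2.53; };  # relayed upstream on a cache miss
};
"""
RESTRICTED_CONF = """
acl trusted { 127.0.0.1; 192.0.2.0/24; };
options {
    recursion yes;
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
};
"""

def strip_comments(text):
    """Drop /* */, // and # comments so they cannot hide or fake a setting."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def match_list(conf, statement):
    """Return the entries of `statement { a; b; };`, or None if it is absent."""
    m = re.search(r"(?<![-\w])" + re.escape(statement) + r"\s*\{([^}]*)\}", conf)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit(text):
    """List settings that let arbitrary clients use this server as a resolver."""
    conf = strip_comments(text)
    m = re.search(r"(?<![-\w])recursion\s+(\w+)\s*;", conf)
    if m is not None and m.group(1).lower() in ("no", "false", "0"):
        return []  # recursion off: the server does not resolve on behalf of clients
    findings = []
    for statement in ("allow-recursion", "allow-query-cache"):
        entries = match_list(conf, statement)
        if entries and any(e in ("any", "0.0.0.0/0") for e in entries):
            findings.append(statement + " is open to any source")
    forwarders = match_list(conf, "forwarders")
    if findings and forwarders:
        findings.append("open queries are relayed to " + ", ".join(forwarders))
    return findings

if __name__ == "__main__":
    for name, conf in (("open", OPEN_CONF), ("restricted", RESTRICTED_CONF)):
        print(name, audit(conf) or "no open-recursion settings found")
```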