port 53 under attack

Jeffry Killen jekillen at prodigy.net
Thu Jun 4 01:07:28 UTC 2015


On Jun 3, 2015, at 4:57 PM, Dennis Glatting wrote:

> On Wed, 2015-06-03 at 19:03 -0400, joeb1 wrote:
>> Hello list
>> :
>> My firewall blocks unsolicited inbound traffic on port 53. I realize
>> this is the DNS port. But I am getting over 200K hits per day from ip
>> addresses from all over the world. My host has a dynamic ip address. Is
>> there any valid reason for this to be happening?
>
> You could be used as a DOS amplifier.
>

If you are using BIND for a DNS server and are familiar with how it is
configured, check to see if you have anything that would allow DNS query
forwarding. It may not be you in particular, but your DNS server is being
used as a proxy to forward requests.

I have seen that when I was running servers with static IP addresses. As I
recall, it was my secondary server that was being used to forward DNS queries.

I was on a DSL connection to my ISP and it was noticeable and annoying.

HTH
JK
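
Added example, not part of the original message: a small audit for the check suggested above, flagging a BIND configuration that lets arbitrary hosts use the server as a recursive relay. Reading "query forwarding" as BIND's `recursion`, `allow-recursion`, `allow-query-cache` and `forwarders` statements is an assumption, the three sample configurations are constructed, and the regex matching is a heuristic that ignores per-view scoping.

```python
import re

# Constructed named.conf samples (not from the original message).
OPEN_CONF = """
options {
    recursion yes;
    allow-recursion { any; };     // answers recursive queries for anyone
    forwarders { 192.0.2.53; };   // and relays them upstream
};
"""
RESTRICTED_CONF = """
acl trusted { 127.0.0.1; 192.168.1.0/24; };
options {
    recursion yes;
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
};
"""
AUTH_ONLY_CONF = """
options {
    recursion no;                 # authoritative only
    allow-query { any; };
};
"""

WORLD = {"any", "0.0.0.0/0", "::/0"}   # ACL elements that match every client

def strip_comments(text):
    """Drop /* */, // and # comments so they cannot hide or fake a setting."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def audit(conf_text):
    """Return findings for settings that let arbitrary hosts use the resolver."""
    conf = strip_comments(conf_text)
    if re.search(r"\brecursion\s+no\s*;", conf):
        return []                       # recursion disabled: nothing to relay
    findings = []
    for stmt in ("allow-recursion", "allow-query-cache"):
        for m in re.finditer(rf"\b{stmt}\s*\{{([^}}]*)\}}", conf):
            opened = {e.strip() for e in m.group(1).split(";")} & WORLD
            if opened:
                findings.append(f"{stmt} matches every client: {sorted(opened)}")
    fwd = re.search(r"\bforwarders\s*\{([^}]*)\}", conf)
    if findings and fwd and fwd.group(1).strip():
        findings.append("open recursion is relayed to forwarders: "
                        + " ".join(fwd.group(1).split()))
    return findings
```

Pass the text of your own named.conf to `audit()`; an empty list means none of these explicit world-open settings were found, not that the server is otherwise hardened.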

