port 53 under attack

Jeffry Killen jekillen at prodigy.net
Thu Jun 4 01:07:28 UTC 2015

On Jun 3, 2015, at 4:57 PM, Dennis Glatting wrote:

> On Wed, 2015-06-03 at 19:03 -0400, joeb1 wrote:
>> Hello list
>> :
>> My firewall blocks unsolicited inbound traffic on port 53. I realize
>> this is the DNS port. But I am getting over 200K  hits per day from  
>> ip
>> addresses from all over the world. My host has a dynamic ip  
>> address. Is
>> there any valid reason for this to be happening?
> You could be used as a DOS amplifier.

If you are using bind for dns server, and are familiar with how it is  
check to see if you have anything that would allow dns query  
forwarding. It
may not be you in particular, but your dns server is being used as a  
proxy to
forward requests.

I have seen that when I was running servers with static ip addresses.  
As I recall
it was my secondary server that was being used to forward dns queries.

I was on a dsl  connection to my ISP and it was noticable and annoying.


More information about the freebsd-questions mailing list