  1. #1
    Join Date
    Apr 2006
    Posts
    516

    How to prevent DNS Flood

    Can anyone share tips on how to prevent a DNS flood on a cPanel and DirectAdmin server platform on CentOS?

  2. #2
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    9,072
    What kind of flood are you seeing here, just thousands of unrelated requests to your DNS server or a bunch of SYN/UDP attacks directed at port 53?
    RACK911 Labs | Penetration Testing | https://www.RACK911Labs.ca

    www.HostingSecList.com - Security Notices for the Hosting Community.

  3. #3
    Do you have a firewall installed?
    www.24x7servermanagement.com
    Server Management, Server Security, Server Monitoring.
    India's Leading Managed Service Provider !! Skype: techs24x7

  4. #4
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    9,072
    Originally posted by Srv24x7:
        Do you have a firewall installed?
    Depending on the attack, most (if not all) software firewalls are going to be utterly useless in regards to not filtering out legitimate DNS traffic. (Basically, everything will probably end up getting filtered just creating a whole mess...)

  5. #5
    Join Date
    Oct 2007
    Location
    9.9N 76.2E , Planet Earth
    Posts
    1,003
    Turn off recursion in your named.conf

    http://www.webhostingtalk.com/archiv.../t-543883.html
    A U T O M 8 N . C O M
    High Available webstack for cPanel
    Active-Active redundancy and High Availability plugin for cPanel

  6. #6
    Join Date
    Apr 2006
    Posts
    516
    Originally posted by gnusys:
        Turn off recursion in your named.conf

        http://www.webhostingtalk.com/archiv.../t-543883.html

    All my servers have apf+bfd. Others have csf.

    So what I need to do is to disable recursion?

    OK.. I'll try that out

  7. #7
    Join Date
    May 2006
    Location
    San Francisco
    Posts
    7,325
    Did disabling recursion fix it?

  8. #8
    Join Date
    Mar 2006
    Posts
    241
    Attacks due to misconfiguration in named.conf work in the following manner: the attacker sends several thousand spoofed requests to a DNS server that allows recursion. The DNS server processes these requests as valid and then returns the DNS replies to the spoofed recipient. When the number of requests is in the thousands, the attacker could potentially generate a multi-gigabit flood of DNS replies.
    Last edited by Lsupport; 05-29-2008 at 12:45 AM. Reason: typo
    LiquidSupport - A subsidiary of I-Fort Technologies (Pvt.) Ltd
    Server Administration | Technical Support | Web Development
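
An added example, not part of any post in this thread: a small Python audit for the recursion setting that posts #5 and #8 discuss. It reads named.conf text and reports whether the global `options` block leaves recursion open. The sample configs, function names and verdict labels are constructed for illustration, and the comment stripping is simplified (it does not handle comment markers inside quoted strings).

```python
import re

# Constructed sample configs for the demo (not taken from the thread).
OPEN_CONF = '''options {
    directory "/var/named";  // recursion no;  <- commented out, must be ignored
    recursion yes;
    allow-recursion { any; };
};'''
CLOSED_CONF = '''options {
    /* authoritative-only server */
    recursion no;
};'''
ACL_CONF = '''options {
    recursion yes;
    allow-recursion { 127.0.0.1; 192.0.2.0/24; };
};'''

def strip_comments(text):
    """Drop /* */, // and # comments (simplified: ignores quoted strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def options_block(text):
    """Return the body of the global options { ... } block, or ''."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    return ""

def audit_recursion(conf_text):
    """Classify recursion policy: disabled, open, restricted or review."""
    body = options_block(strip_comments(conf_text))
    rec = re.search(r"(?<![-\w])recursion\s+(yes|no)\s*;", body)
    if rec and rec.group(1) == "no":
        return "disabled"        # authoritative-only: no recursive answers
    acl = re.search(r"(?<![-\w])allow-recursion\s*\{([^}]*)\}", body)
    if acl is None:
        return "review"          # no explicit ACL: depends on BIND defaults
    clients = set(re.split(r"[;\s]+", acl.group(1).strip()))
    if clients & {"any", "0.0.0.0/0"}:
        return "open"            # anyone on the Internet may recurse
    return "restricted"

if __name__ == "__main__":
    for name in ("OPEN_CONF", "CLOSED_CONF", "ACL_CONF"):
        print(name, "->", audit_recursion(globals()[name]))
```

A "review" verdict means recursion is on with no explicit `allow-recursion` list, so the effective policy depends on the defaults of the installed BIND version and should be checked by hand.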
