  1. #1
    Join Date
    Apr 2006
    Posts
    516

    How to prevent DNS Flood

    Can anyone share tips how to prevent DNS flood on a cPanel and Directadmin server platform on Centos?

  2. #2
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,867
    What kind of flood are you seeing here, just thousands of unrelated requests to your DNS server or a bunch of SYN/UDP attacks directed at port 53?
    Patrick William | RACK911 Labs | Software Security Auditing
    400+ Vulnerabilities Found - Free Quote @ https://www.RACK911Labs.com

    www.HostingSecList.com - Security notices for the hosting community.

  3. #3
    Do you have a firewall installed?
    www.24x7servermanagement.com
    Server Management, Server Security, Server Monitoring.
    Offering Xen/KVM VPS Hosting !! Skype: talk@24x7servermanagement.com

  4. #4
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,867
    Quote Originally Posted by Srv24x7 View Post
    Do you have a firewall installed?
    Depending on the attack, most (if not all) software firewalls are going to be utterly useless in regards to not filtering out legitimate DNS traffic. (Basically, everything will probably end up getting filtered just creating a whole mess...)

  5. #5
    Join Date
    Oct 2007
    Location
    Kochi,INDIA
    Posts
    216
    Turn off recursion in your named.conf

    http://www.webhostingtalk.com/archiv.../t-543883.html
    nDeploy -cPanel High Performance WebStack plugin
    Supports HHVM,PHP-FPM,RUBY,PYTHON,NODEJS,COLDFUSION,JSP and more
    Apache PHP-FPM allows users to select between multiple PHP-FPM backends in Apache httpd
    ✉ support [at] sysally [dot] net

  6. #6
    Join Date
    Apr 2006
    Posts
    516
    Quote Originally Posted by gnusys View Post
    Turn off recursion in your named.conf

    http://www.webhostingtalk.com/archiv.../t-543883.html
    All my servers have apf+bfd. Others have csf.

    So what I need to do is to disable recursion?

    OK.. I'll try that out

  7. #7
    Join Date
    May 2006
    Location
    San Francisco
    Posts
    7,199
    Did disabling recursion fix it?

  8. #8
    Join Date
    Mar 2006
    Posts
    241
    Attacks due to misconfiguration in named.conf work in the following manner: the attacker sends several thousand spoofed requests to a DNS server that allows recursion. The DNS server processes these requests as valid and then returns the DNS replies to the spoofed recipient. When the number of requests is in the thousands, the attacker could potentially generate a multi-gigabit flood of DNS replies.
    Last edited by Lsupport; 05-29-2008 at 12:45 AM. Reason: typo
    LiquidSupport - A subsidiary of I-Fort Technologies (Pvt.) Ltd
    Server Administration | Technical Support | Web Development
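
Added example, not written by any poster in this thread: a small Python check an administrator can run against their own nameserver, from a host outside its network, to confirm that recursion is no longer offered to outsiders after editing named.conf. The function names and the default query name `example.com` are assumptions of this example; use a name that is not hosted on the server being checked.

```python
import socket
import struct
import sys

QR, RD, RA = 0x8000, 0x0100, 0x0080   # DNS header flag bits (RFC 1035)
REFUSED = 5                            # RCODE returned when the query is denied

def build_query(name, txid=0x1234):
    """Build a DNS A/IN query for `name` with the recursion-desired bit set."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN

def classify_response(data, txid=0x1234):
    """Return 'open' if the reply shows recursion was offered, else 'closed'."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    rid, flags = struct.unpack("!HH", data[:4])
    if rid != txid or not flags & QR:
        raise ValueError("not a reply to our query")
    rcode = flags & 0x000F
    # RA set and the query not refused: the server will recurse for this client.
    return "open" if (flags & RA) and rcode != REFUSED else "closed"

def check_server(server, name="example.com", timeout=3.0):
    """Query `server` over UDP port 53 and classify its answer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(512)
    return classify_response(data)

if __name__ == "__main__":
    # Usage: python check_recursion.py <your-nameserver-ip>
    print(check_server(sys.argv[1]))
```

A result of `closed` from an outside address means the server either has recursion disabled or refuses it for that client; `open` means it still resolves arbitrary names for outsiders.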
