Named: external view client is denied

postcd

• April 29, 2014 19:02

Hello, please can anyone give me an advice on what to change in WHM to prevent, fix following issue? in tail /var/log/messages -n1000 I have many entries like: Apr 29 19:52:14 host1 named[1601]: client 1.2.3.4#13321: view external: query (cache) 'onedomainthatwashostedonserver.com/A/IN' denied
1.2.3.4 is IP of some server which is not mine But it is more than one request per second.. What can i do in WHM please?

• 

  vanessa

  • April 30, 2014 02:35

  Looks like your run-of-the-mill DNS reflection attack. If you search these forums, it's a topic that comes up frequently: The solution: [url=http://www.webhostingtalk.com/showthread.php?t=1229001]Bind related help = query denied - Hosting Security and Technology - Web Hosting Talk

  0
• 

  postcd

  • April 30, 2014 12:22

  thx, also I found that ConfigServerFirewall has this option in config file: [QUOTE]#

  Enable detection of repeated BIND denied requests # This option should be enabled with care as it will prevent blocked IPs from # resolving any domains on the server. You might want to set the trigger value # reasonably high to avoid this # Example: LF_BIND = "100" LF_BIND = "0" LF_BIND_PERM = "1"
  LF_BIND_PERM number of seconds ban or 1 is permanent LF_BIND number of denied requests from IP not sure if would be wise to enale it by setting value like 100? (more about this csf option)

  0
• 

  cPanelMichael

  • April 30, 2014 14:43

  [quote="postcd, post: 1633221">LF_BIND_PERM number of seconds ban or 1 is permanent LF_BIND number of denied requests from IP not sure if would be wise to enale it by setting value like 100? (more about this csf option)
  A user references the values they use for those options on this post: Named CPU Usage You could try those, or experiment with your own custom values. Thank you.

  0

Please sign in to leave a comment.