LinuxQuestions.org


vikas027 05-30-2010 12:28 AM

Prevent DNS DoS attack
 
Hi All,

I have configured a DNS server on my RHEL 5.0 machine.

I have just come across a term Denial-of-Service attack (DoS attack) or Distributed Denial-of-service attack (DDoS attack).

Just for learning purpose, could you please guide how can I prevent my DNS server from DoS attacks. Any links, docs would be sufficient. :)

Thanks in advance.

alunduil 05-30-2010 04:47 PM

Well the first things are to make sure you don't allow zone transfers except from your slaves and then to make sure you only allow recursive queries from your internal network.

After that you'll have to specify what kind of DOS attack you're being plagued with because most of it should be legitimate requests at that point.

Regards,

Alunduil
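
What the two restrictions in the post above can look like in a BIND `named.conf`, as an added example that is not part of alunduil's post. It assumes the server runs BIND (the thread does not say which DNS software is in use); the ACL names, the addresses (documentation ranges), the zone `example.com` and the file names are constructed placeholders.

```conf
// Constructed example, assuming BIND. All names and addresses are placeholders.

// Weak settings, shown commented out for comparison: any client may use
// the server as a recursive resolver, and any host may request a full
// copy of the zone.
//
// options {
//     allow-recursion { any; };
//     allow-transfer  { any; };
// };

// Restricted settings:
acl "internal" { 127.0.0.1; 192.0.2.0/24; };  // internal network (placeholder range)
acl "slaves"   { 198.51.100.53; };            // slave name servers (placeholder address)

options {
    directory "/var/named";
    allow-recursion { "internal"; };  // recursive queries only from the internal network
    allow-transfer  { none; };        // server-wide default: no zone transfers
};

zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-transfer { "slaves"; };     // zone transfers only to the slaves
};
```

Running `named-checkconf` on the edited file catches syntax errors before named is reloaded.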

fruttenboel 05-30-2010 05:29 PM

Quote:

Originally Posted by vikas027 (Post 3985974)
Hi All,

I have configured a DNS server on my RHEL 5.0 machine.

I have just come across a term Denial-of-Service attack (DoS attack) or Distributed Denial-of-service attack (DDoS attack).

Just for learning purpose, could you please guide how can I prevent my DNS server from DoS attacks. Any links, docs would be sufficient. :)

Thanks in advance.

Install a router like the Longshine IR2114A and it will do it for you without slowing down the computers

vikas027 05-31-2010 04:05 PM

Quote:

Originally Posted by alunduil (Post 3986664)
Well the first things are to make sure you don't allow zone transfers except from your slaves and then to make sure you only allow recursive queries from your internal network.

Could you please provide any link or steps, how to move forward. Thanks.

salasi 05-31-2010 06:00 PM

Quote:

Originally Posted by vikas027 (Post 3985974)
I have just come across a term Denial-of-Service attack (DoS attack) or Distributed Denial-of-service attack (DDoS attack).

As I understand this, you are claiming that you had never heard of these terms before? And you have been a sys admin for some time and have been posting here even longer?

If you don't mind I'll suggest that you should do a little more research and background reading to stay on top of the security situation, because if this is the first time that you've heard about DoS attacks, there could be a lot of other stuff that you are missing.

Quote:

Just for learning purpose, could you please guide how can I prevent my DNS server from DoS attacks. Any links, docs would be sufficient. :)

For some reason, you are unconcerned about DoS attacks on other parts of the infrastructure? So, if I have understood correctly, you don't care if anything else breaks -or even if everything else breaks- provided that your DNS server doesn't break? Normally, that wouldn't make sense, but maybe your job role has somehow persuaded you to take that position.

Now, what does this server do? Does it just give you name services for an internal network? If so, you are concerned about DoS (or DDoS) attacks from your internal network. This does not seem like the most likely interpretation of your concerns, but it would help clarity for you to confirm or deny it.

Possibly, your DNS server only caches name responses from the internet. This would be a more likely thing to cause legitimate and reasonable concern. In this case, you would have a firewall between your DNS server and the internet. You should, therefore, be able to take measures in your firewall to protect your DNS server. What is this firewall?

Or maybe the DNS box does both? Or maybe you have a master and slave(s)? Or a redundant failover system?

And what software are you using for DNS?

If you want the best answer for your situation, please provide all of the information, otherwise people are likely to give you sub-optimal answers.

OK, I'll take you literally and supply this link. You didn't seem to have an interest, but you did say that "Any links, docs would be sufficient." And it will give you something else to think about.

cola 05-31-2010 11:39 PM

Quote:

Originally Posted by vikas027 (Post 3985974)
Hi All,

I have configured a DNS server on my RHEL 5.0 machine.

I have just come across a term Denial-of-Service attack (DoS attack) or Distributed Denial-of-service attack (DDoS attack).

Just for learning purpose, could you please guide how can I prevent my DNS server from DoS attacks. Any links, docs would be sufficient. :)

Thanks in advance.

http://www.google.com/search?hl=en&q...=&oq=&gs_rfai=


All times are GMT -5.