LinuxQuestions.org
Old 05-30-2010, 12:28 AM   #1
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Debian, OS X
Posts: 1,267

Rep: Reputation: 99
Prevent DNS DoS attack


Hi All,

I have configured a DNS server on my RHEL 5.0 machine.

I have just come across a term Denial-of-Service attack (DoS attack) or Distributed Denial-of-service attack (DDoS attack).

Just for learning purpose, could you please guide how can I prevent my DNS server from DoS attacks. Any links, docs would be sufficient.

Thanks in advance.
 
Old 05-30-2010, 04:47 PM   #2
alunduil
Member
 
Registered: Feb 2005
Location: San Antonio, TX
Distribution: Gentoo
Posts: 684

Rep: Reputation: 62
Well the first things are to make sure you don't allow zone transfers except from your slaves and then to make sure you only allow recursive queries from your internal network.

After that you'll have to specify what kind of DOS attack you're being plagued with because most of it should be legitimate requests at that point.

Regards,

Alunduil
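
The two restrictions recommended in post #2, shown as a weak and a hardened configuration with a small audit over both. This is an added example, not part of any post in the thread. It assumes BIND 9 `named.conf` syntax (the thread never names the DNS software); the ACL name `internal`, the zone name and all addresses are constructed placeholders.

```python
import re

# Constructed sample configs (assumed BIND 9 named.conf syntax, placeholder addresses).
WEAK = """
options {
    directory "/var/named";
    recursion yes;
};
zone "example.com" { type master; file "example.com.zone"; };
"""

HARDENED = """
acl internal { 127.0.0.1; 192.0.2.0/24; };
options {
    directory "/var/named";
    recursion yes;
    allow-recursion { internal; };   // recursive queries: internal network only
    allow-transfer { none; };        // no zone transfers unless a zone says so
};
zone "example.com" {
    type master; file "example.com.zone";
    allow-transfer { 198.51.100.53; };   // the slave server only
};
"""

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def statement_lists(text, statement):
    """Return the address-match list of every `statement { ... };` found."""
    found = re.findall(r"\b%s\s*\{([^{}]*)\}" % re.escape(statement), text)
    return [[i.strip() for i in body.split(";") if i.strip()] for body in found]

def audit(conf):
    """Flag transfer/recursion ACLs that are absent or open to `any`."""
    conf = strip_comments(conf)
    findings = []
    for name in ("allow-transfer", "allow-recursion"):
        if name == "allow-recursion" and re.search(r"recursion\s+no\s*;", conf):
            continue  # recursion disabled outright, no ACL needed
        lists = statement_lists(conf, name)
        if not lists:
            findings.append(name + " not set explicitly")
        elif any("any" in items for items in lists):
            findings.append(name + " permits any")
    return findings
```

An unset statement is reported because the effective default then depends on the BIND version in use, so setting both explicitly removes the guesswork.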
 
Old 05-30-2010, 05:29 PM   #3
fruttenboel
Member
 
Registered: Jul 2008
Posts: 270

Rep: Reputation: 48
Quote:
Originally Posted by vikas027
Hi All,

I have configured a DNS server on my RHEL 5.0 machine.

I have just come across a term Denial-of-Service attack (DoS attack) or Distributed Denial-of-service attack (DDoS attack).

Just for learning purpose, could you please guide how can I prevent my DNS server from DoS attacks. Any links, docs would be sufficient.

Thanks in advance.
Install a router like the Longshine IR2114A and it will do it for you without slowing down the computers
 
Old 05-31-2010, 04:05 PM   #4
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Debian, OS X
Posts: 1,267

Original Poster
Rep: Reputation: 99
Quote:
Originally Posted by alunduil
Well the first things are to make sure you don't allow zone transfers except from your slaves and then to make sure you only allow recursive queries from your internal network.
Could you please provide any link or steps, how to move forward. Thanks.
 
Old 05-31-2010, 06:00 PM   #5
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 3,910

Rep: Reputation: 776
Quote:
Originally Posted by vikas027
I have just come across a term Denial-of-Service attack (DoS attack) or Distributed Denial-of-service attack (DDoS attack).
As I understand this, you are claiming that you had never heard of these terms before? And you have been a sys admin for some time and have been posting here even longer?

If you don't mind I'll suggest that you should do a little more research and background reading to stay on top of the security situation, because if this is the first time that you've heard about DoS attacks, there could be a lot of other stuff that you are missing.

Quote:
Just for learning purpose, could you please guide how can I prevent my DNS server from DoS attacks. Any links, docs would be sufficient.
For some reason, you are unconcerned about DoS attacks on other parts of the infrastructure? So, if I have understood correctly, you don't care if anything else breaks - or even if everything else breaks - provided that your DNS server doesn't break? Normally, that wouldn't make sense, but maybe your job role has somehow persuaded you to take that position.

Now, what does this server do? Does it just give you name services for an internal network? If so, you are concerned about DoS (or DDoS) attacks from your internal network. This does not seem like the most likely interpretation of your concerns, but it would help clarity for you to confirm or deny it.

Possibly, your DNS server only caches name responses from the internet. This would be a more likely thing to cause legitimate and reasonable concern. In this case, you would have a firewall between your DNS server and the internet. You should, therefore, be able to take measures in your firewall to protect your DNS server. What is this firewall?

Or maybe the DNS box does both? Or maybe you have a master and slave(s)? Or a redundant failover system?

And what software are you using for DNS?

If you want the best answer for your situation, please provide all of the information, otherwise people are likely to give you sub-optimal answers.

OK, I'll take you literally and supply this link. You didn't seem to have an interest, but you did say that "Any links, docs would be sufficient." And it will give you something else to think about.
 
Old 05-31-2010, 11:39 PM   #6
cola
Senior Member
 
Registered: Sep 2007
Location: Dhaka,Bangladesh
Distribution: Debian
Posts: 1,019

Rep: Reputation: 63
Quote:
Originally Posted by vikas027
Hi All,

I have configured a DNS server on my RHEL 5.0 machine.

I have just come across a term Denial-of-Service attack (DoS attack) or Distributed Denial-of-service attack (DDoS attack).

Just for learning purpose, could you please guide how can I prevent my DNS server from DoS attacks. Any links, docs would be sufficient.

Thanks in advance.
http://www.google.com/search?hl=en&q...=&oq=&gs_rfai=
 
  


All times are GMT -5.