I was notified that a BIND DNS server, which is authoritative for a number of domains, is open to abuse for DDoS attacks targeting other networks. When testing on MX Tool, there are no problems according to the report.
Looking into the logs, there actually are tons of messages about a format error from different unknown IP addresses. I have not been able to find out what that error message is about.
Code:
Apr 22 15:01:02 thisserver named[705]: DNS format error from 104.243.45.190#53 resolving 75.208.54.110.in-addr.arpa/PTR for 127.0.0.1#25018: Name in-addr.arpa (SOA) not subdomain of zone 208.54.110.in-addr.arpa -- invalid response
The DNS server is authoritative for a number of domains, so I assume it should be open for queries but otherwise restricted. Is it possible that the configuration below can lead to abuse? Keep in mind that the DNS server is authoritative for a number of domains and that it has other primary DNS servers (GratisDNS).
Code:
options {
directory "/usr/local/etc/namedb/working";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
listen-on { any; };
disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0>
disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0>
allow-query { any; };
allow-query-cache { any; };
allow-recursion { users; };
allow-transfer { users; gratisdns; };
};
One of the domains:
Code:
zone "somedomain.dk"
{
type master;
notify yes;
also-notify { 91.221.196.11; };
allow-transfer { gratisdns; };
file "/usr/local/etc/namedb/master/somedomain.dk";
};
I would be very glad if any kind soul could give a hint to solve a possible security concern in this configuration.
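A hardened options block, added here as an editor's example and not part of the original post. It keeps allow-query { any; } (the authoritative zones must stay answerable from anywhere) but closes the one setting in the posted config that does let outside hosts use the server for reflection, allow-query-cache { any; }: with that line, any source can pull cached answers (and referrals) for names the server is not authoritative for, even though recursion itself is limited to "users". It also enables BIND's Response Rate Limiting. The "DNS format error ... resolving ... for 127.0.0.1#25018" log lines are resolver-side noise: named was doing a recursive lookup on behalf of the local client 127.0.0.1 and got an out-of-zone SOA back from the remote server; they are not by themselves evidence of abuse. The ACL bodies for users and gratisdns are placeholders, since the poster's real definitions are not shown.

```conf
// Editor's example, not the poster's configuration.
// ASSUMED placeholder ACLs: the poster's real "users" and "gratisdns" ACLs are
// defined elsewhere in named.conf. RFC 5737 documentation addresses are used here.
acl "users"     { 127.0.0.1; ::1; 192.0.2.0/24; };   // own resolver clients only
acl "gratisdns" { 192.0.2.100; };                     // secondary allowed to transfer

options {
    directory "/usr/local/etc/namedb/working";
    listen-on { any; };

    // Authoritative data must remain reachable from everywhere.
    allow-query { any; };

    // Weak setting in the posted config:
    //   allow-query-cache { any; };
    // It lets any source read the cache, so the server answers for names it does
    // not host. Restrict cache access to the same clients that may recurse
    // (leaving allow-query-cache out entirely has the same effect: it then
    // defaults to the allow-recursion ACL).
    allow-query-cache { users; };
    allow-recursion   { users; };

    // Global transfer policy: only the secondary. Per-zone allow-transfer
    // blocks, as in the posted zone stanza, can narrow this further.
    allow-transfer { gratisdns; };

    // Response Rate Limiting (BIND 9.9.4 and later): identical answers to one
    // client /24 are capped per second, so a spoofed flood toward a victim gets
    // slipped or truncated replies instead of full-size amplification.
    rate-limit {
        responses-per-second 5;
        window 5;
    };

    // Smaller responses: drop authority/additional data when not required.
    minimal-responses yes;
};
```

After changing the file, run named-checkconf and reload. To verify from an address outside the users ACL: a query for one of the hosted zones, such as dig @ns.example.invalid somedomain.dk SOA, must still be answered, while a query for a name the server does not host, such as dig @ns.example.invalid www.example.com A, should come back REFUSED rather than with an answer or a referral (the server name here is a placeholder).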