Domain-Name-System
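Is there any way to block DNS responses using BIND?
I use BIND as my DNS server. I have disabled recursive DNS requests. Now I am under some kind of attack. Is there anything I can do to stop it, or do I have to let it go?
My query log: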
client 75.214.6.32#39884: query: elipylavofkb.www.florasky.cn IN A + (MY SERVER IP)
client 19.61.194.206#59208: query: mzynovatmhapahen.www.ludashi789.com IN A + (MY SERVER IP)
client 108.8.241.1#50963: query: mdelolwtspupyzmz.www.ludashi789.com IN A + (MY SERVER IP)
client 112.224.24.10#63434: query: wdybkhodehov.www.florasky.cn IN A + (MY SERVER IP)
client 76.160.109.141#1231: query: gxefmpidgjur.www.florasky.cn IN A + (MY SERVER IP)
client 16.18.114.118#37018: query: engjcvwjsdgz.www.florasky.cn IN A + (MY SERVER IP)
client 114.99.158.44#33012: query: ulkhwvopolud.www.florasky.cn IN A + (MY SERVER IP)
client 50.171.130.116#58826: query: uneburexorkbsrgx.www.ludashi789.com IN A + (MY SERVER IP)
client 96.17.162.81#24693: query: unsjwpinczcd.www.ludashi789.com IN A + (MY SERVER IP)
client 116.158.62.221#9755: query: clylslwdwlov.www.ludashi789.com IN A + (MY SERVER IP)
client 114.197.183.246#39810: query: qjyn.www.florasky.cn IN A + (MY SERVER IP)
client 82.43.231.89#35249: query: yxwlubah.www.florasky.cn IN A + (MY SERVER IP)
client 21.189.79.22#30864: query: wpgboted.www.florasky.cn IN A + (MY SERVER IP)
client 50.107.178.249#5585: query: kzwhmdqjqrat.www.ludashi789.com IN A + (MY SERVER IP)
client 14.57.75.38#26008: query: ojudkzytqlqn.www.ludashi789.com IN A + (MY SERVER IP)
client 98.214.7.43#51927: query: md.www.florasky.cn IN A + (MY SERVER IP)
client 61.51.158.42#5778: query: ufstavonszktox.www.ludashi789.com IN A + (MY SERVER IP)
client 24.221.104.57#38899: query: gpexcvixodaj.www.florasky.cn IN A + (MY SERVER IP)
client 75.217.45.169#50011: query: ybmdyjob.www.florasky.cn IN A + (MY SERVER IP)
client 111.205.26.113#63499: query: onwzmlgpsfwzap.www.ludashi789.com IN A + (MY SERVER IP)
client 113.68.70.81#9947: query: kvajqdmxqxgzal.www.florasky.cn IN A + (MY SERVER IP)
client 95.193.118.38#13226: query: gnyjyrinovclsfqn.www.ludashi789.com IN A + (MY SERVER IP)
client 101.121.90.99#9047: query: wfglevwnqfwfkl.www.ludashi789.com IN A + (MY SERVER IP)
client 13.76.29.77#13797: query: ingrsrsdwvexkp.www.ludashi789.com IN A + (MY SERVER IP)
client 67.88.217.227#24213: query: edqjujahodyf.www.ludashi789.com IN A + (MY SERVER IP)
client 37.108.134.137#53089: query: qxojixixmpahyngx.www.ludashi789.com IN A + (MY SERVER IP)
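The first thing to understand is that you are not the target of this attack. When you had recursion enabled, nasty people discovered this in their network scans, and your server was added to a list of nodes "willing" to assist in their attacks.
Even though the hole has been patched, you are now in a database of vulnerable servers that has been distributed across at least one malware network. You can't change this: until someone decides to clean up their list, these queries are just going to keep showing up. Unless your pipe (or log disk) is small, these queries shouldn't have much of an impact on your server if they are being refused.
The only other thing I can really suggest is that you move this service to a different IP address and replace this IP with a device that can easily drop all traffic on port 53.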
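As an added example (not part of the original question or answer), this Python script parses query-log lines in the format shown in the question and groups them by parent name, to show from the log itself that the traffic consists of one-off names under a few parents, each arriving from a different source address. The function names and thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Also tolerates the newer BIND layout: "client @0x... IP#port (qname): query: ..."
LINE_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+(?: \(\S+\))?: "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

# First seven lines are copied from the question's log; the example.org lines
# are constructed to stand in for ordinary traffic.
SAMPLE_LOG = """\
client 75.214.6.32#39884: query: elipylavofkb.www.florasky.cn IN A + (MY SERVER IP)
client 112.224.24.10#63434: query: wdybkhodehov.www.florasky.cn IN A + (MY SERVER IP)
client 76.160.109.141#1231: query: gxefmpidgjur.www.florasky.cn IN A + (MY SERVER IP)
client 98.214.7.43#51927: query: md.www.florasky.cn IN A + (MY SERVER IP)
client 19.61.194.206#59208: query: mzynovatmhapahen.www.ludashi789.com IN A + (MY SERVER IP)
client 108.8.241.1#50963: query: mdelolwtspupyzmz.www.ludashi789.com IN A + (MY SERVER IP)
client 96.17.162.81#24693: query: unsjwpinczcd.www.ludashi789.com IN A + (MY SERVER IP)
client 192.0.2.10#40000: query: www.example.org IN A + (MY SERVER IP)
client 192.0.2.10#40001: query: www.example.org IN AAAA + (MY SERVER IP)
client 192.0.2.10#40002: query: www.example.org IN A + (MY SERVER IP)
"""

def summarize(log_text):
    """Per parent name: query count, distinct leftmost labels, distinct clients."""
    stats = defaultdict(lambda: {"queries": 0, "labels": set(), "clients": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a query line
        label, _, parent = m["qname"].rstrip(".").lower().partition(".")
        if not parent:
            continue  # single-label name, nothing to group under
        entry = stats[parent]
        entry["queries"] += 1
        entry["labels"].add(label)
        entry["clients"].add(m["ip"])
    return stats

def suspicious_parents(log_text, min_queries=3, min_unique_ratio=0.9):
    """Parents where nearly every query has a new label and a new source IP."""
    hits = []
    for parent, s in summarize(log_text).items():
        n = s["queries"]
        if (n >= min_queries and len(s["labels"]) / n >= min_unique_ratio
                and len(s["clients"]) / n >= min_unique_ratio):
            hits.append((parent, n, len(s["clients"])))
    return sorted(hits, key=lambda row: -row[1])

if __name__ == "__main__":
    for parent, queries, clients in suspicious_parents(SAMPLE_LOG):
        print(f"{parent}: {queries} queries from {clients} distinct clients")
```

On a real log, raise `min_queries` well above the sample value so that small, legitimately diverse zones are not flagged.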