The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Need Help with DNS Issue!

Discussion in 'Bind / DNS / Nameserver Issues' started by edesignway, Mar 8, 2004.

  1. edesignway

    edesignway Well-Known Member

    Joined:
    Dec 4, 2001
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    6
    Good Afternoon,

    I have been getting hit with thousands of "lame" dns entries an hour. Normally I wouldn't care, but these "lame" domains are causing the server load to spike and has crashed the server twice.

    Bind is getting slammed with so many inquires that it takes up about 50% to 75% CPU usage.

    People are trying to relay emails through my server on these domains, and Exim is starting to refuse connections because it is getting hit so hard trying to reject the "lame" connections.

    I have APF firewall installed on the server, is there a way I can block these inquires through that, or does anyone else have an idea?

    Your help will be greatly appreciated!

    Thank you,
     
  2. SarcNBit

    SarcNBit Well-Known Member

    Joined:
    Oct 14, 2003
    Messages:
    1,010
    Likes Received:
    3
    Trophy Points:
    38
    Could you please further explain what you mean by '"lame" dns entries' and how you are being 'hit' by them?
     
  3. edesignway

    edesignway Well-Known Member

    Joined:
    Dec 4, 2001
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    6
    I was assigned IPs by my datacenter, two of these IPs still have someone’s nameservers assigned to them at their domain registrar and about four domains have these nameservers assigned to them. So every time someone tries to view these domains, Bind gets queried, try having people query this domain several thousand times an hour.

    On top of that, people are trying to relay email messages through these domains.
     
  4. Website Rob

    Website Rob Well-Known Member

    Joined:
    Mar 23, 2002
    Messages:
    1,506
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    Alberta, Canada
    cPanel Access Level:
    Root Administrator
    I would think the easiest solution is to remove those two IP's from Server, for 7 - 10 days. This will get the word out they are inactive and hopefully people will move on to other IPs. Not sure if they are in use or not by your own Clients, but don't see any alternatives to solve the problem.
     
  5. hostcp3

    hostcp3 Well-Known Member

    Joined:
    Jun 18, 2002
    Messages:
    156
    Likes Received:
    0
    Trophy Points:
    16
    try this in your /etc/named.conf

    allow-recursion {
    youripblockhere/24;
    youripblockhere/24;
    127.0.0.1;
    };
    };

    logging {
    category notify { null; };
    category lame-servers { null; };
    };




    see below where it goes


    key "rndckey" {
    algorithm *****;
    secret "***************************";
    };


    // generated by named-bootconf.pl

    options {
    directory "/var/named";
    /*
    * If there is a firewall between you and nameservers you want
    * to talk to, you might need to uncomment the query-source
    * directive below. Previous versions of BIND always asked
    * questions using port 53, but BIND 8.1 uses an unprivileged
    * port by default.
    */
    // query-source address * port **;
    allow-recursion {
    youripblockhere/24;
    youripblockhere/24;
    127.0.0.1;
    };
    };

    logging {
    category notify { null; };
    category lame-servers { null; };
    };

    //
    // a caching only nameserver config
    //
     
Loading...

Share This Page