fcbinfo

Well-Known Member
Dec 10, 2006
111
3
168
cPanel Access Level
Root Administrator
Can I block any to myserverip UDP 53?

Getting some flood on this, and when I block it on the hardware firewall the flood stops.

Server still working. Can I stay with this blocked?

Thanks!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,258
463
Hello :)

Yes, UDP traffic over port 53 must be allowed. Have you tried finding the source of the flood to block it, instead of blocking all traffic to the port?

Thank you.
 

fcbinfo

Hi. Sorry for the late reply.

It has too many IPs from Asia.
I have blocked Asia: APNIC - Resource ranges allocated by APNIC
Now, I'm still getting flood.
But the server has Dual E-2620 - 128GB of RAM, 16x SSD RAID-10 and 10Gbps of connection.
Easy for this server =)

I have added this too:

iptables -A myownrule -p udp --dport 53 -m state --state NEW -m recent --set
iptables -A myownrule -p udp --dport 53 -m state --state NEW -m recent --update --seconds 120 --hitcount 3 -j DROP

This rule is attached to forward.

What do you think about this rule? Only 3 connections for the same IP in 2 minutes.
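
A simplified model of how the two `recent` rules in the post above treat different traffic, added here as an example and not part of the original thread. It assumes every query arrives as a NEW flow (a fresh source port per query); the per-source timestamp cap, the addresses and the traffic patterns are constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW = 120     # --seconds 120
HITCOUNT = 3     # --hitcount 3
MAX_STAMPS = 20  # assumed per-source timestamp cap (model parameter)

def simulate(packets):
    """packets: iterable of (time_s, src_ip), each one a NEW UDP/53 flow.
    Returns {src_ip: (accepted, dropped)}."""
    stamps = defaultdict(lambda: deque(maxlen=MAX_STAMPS))
    result = defaultdict(lambda: [0, 0])
    for now, src in sorted(packets):
        seen = stamps[src]
        seen.append(now)                    # rule 1: --set records the packet
        recent = sum(1 for t in seen if t >= now - WINDOW)
        if recent >= HITCOUNT:              # rule 2: --update ... -j DROP
            seen.append(now)                # --update refreshes the entry on match
            result[src][1] += 1
        else:
            result[src][0] += 1
    return {src: tuple(v) for src, v in result.items()}

def totals(result):
    """Sum (accepted, dropped) over all sources."""
    return (sum(a for a, _ in result.values()),
            sum(d for _, d in result.values()))

# Constructed sample 1: one recursive resolver that serves many users and
# sends this server a query every 20 seconds for 10 minutes.
def resolver_traffic(ip="192.0.2.53", every=20, duration=600):
    return [(t, ip) for t in range(0, duration, every)]

# Constructed sample 2: a flood spread over many source addresses, each
# sending fewer packets than the hitcount.
def distributed_flood(n_sources=500, per_source=2):
    return [(i * 0.01 + k * 30, f"198.18.{i // 250}.{i % 250}")
            for i in range(n_sources) for k in range(per_source)]

if __name__ == "__main__":
    print("resolver (accepted, dropped):", totals(simulate(resolver_traffic())))
    print("flood    (accepted, dropped):", totals(simulate(distributed_flood())))
```

In this model the steady resolver is dropped from its third query onward and stays dropped for as long as it keeps sending inside the window, while the many-source flood passes untouched, so a per-source limit this tight mainly penalises busy legitimate resolvers.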
 

fcbinfo

Just not more than the server can stay up without problems.

Some think about 200 connections per second on udp 53, and 50 per second on 25

=/