[Pdns-users] [HELP REQUEST - protect PowerDNS] I have had a brutal mass-attack
Brielle Bruns
bruns at 2mbit.com
Fri Jun 17 17:28:08 UTC 2011
On 6/17/11 10:53 AM, kim Doff wrote:
> Hello,
>
> I have PowerDNS Authoritative Server is 2.9.22 on Centos 5.5 32 bits.
>
> I do not allow external recursion but I have had a brutal mass-attack
> from China and Romania. It is a "recursion was desired" attack.
>
> Does anyone know how to configure fail2ban to protect port 53?
> Is there a Tutorial for that? I am a newbie.
>
> I tried with iptables but I need something that automaticaly
> blocks ips.
>
> Best Regards,
>
> Kim
>
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
in /etc/fail2ban/filter.d/pdns.conf:
======
[Definition]
failregex = pdns(?:\[\d{1,5}\])?: Received a malformed qdomain from <HOST>
ignoreregex =
======
You'll need to change it to match your log line. Then, add the proper
lines in jail.[conf,local] and it should work.
jail.conf:
========
[pdns-qdomain]
enabled = true
#port = domain,8053
protocol = udp
filter = pdns
logpath = /var/log/daemon.log
bantime = 259200
maxretry = 2
========
--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org / http://www.ahbl.org
More information about the Pdns-users
mailing list