[Pdns-users] [HELP REQUEST - protect PowerDNS] I have had a brutal mass-attack

Brielle Bruns bruns at 2mbit.com
Fri Jun 17 17:28:08 UTC 2011


On 6/17/11 10:53 AM, kim Doff wrote:
> Hello,
>
> I have PowerDNS Authoritative Server 2.9.22 on CentOS 5.5, 32-bit.
>
> I do not allow external recursion but I have had a brutal mass-attack
> from China and Romania. It is a "recursion was desired" attack.
>
> Does anyone know how to configure fail2ban to protect port 53?
> Is there a Tutorial for that? I am a newbie.
>
> I tried with iptables but I need something that automatically
> blocks IPs.
>
> Best Regards,
>
> Kim




In /etc/fail2ban/filter.d/pdns.conf:
======
[Definition]
failregex = pdns(?:\[\d{1,5}\])?: Received a malformed qdomain from <HOST>
ignoreregex =
======


You'll need to change it to match your log line.  Then, add the proper 
lines in jail.[conf,local] and it should work.

jail.conf:

========
[pdns-qdomain]
enabled  = true
#port     = domain,8053
protocol = udp
filter   = pdns
logpath  = /var/log/daemon.log
bantime  = 259200
maxretry = 2
========




-- 
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org    /     http://www.ahbl.org
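
An added example (not part of the original post or of fail2ban itself) that checks the posted failregex, plus a hypothetical variant for the "recursion was desired" lines, against constructed log lines and lists which hosts would reach the jail's maxretry. The second regex's log wording, the sample lines, the IPv4-only `<HOST>` stand-in and the function names are assumptions.

```python
import re
from collections import Counter

# Simplified IPv4-only stand-in for fail2ban's <HOST> tag; fail2ban's own
# expansion also accepts hostnames and IPv6 addresses.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# failregex exactly as posted in the filter above.
FAILREGEX_POSTED = r"pdns(?:\[\d{1,5}\])?: Received a malformed qdomain from <HOST>"
# Hypothetical variant for "recursion was desired" lines. The log wording is an
# assumption: compare it with your own daemon.log before using it.
FAILREGEX_RD = (
    r"pdns(?:\[\d{1,5}\])?: Not authoritative for '[^']*', "
    r"sending servfail to <HOST> \(recursion was desired\)"
)
MAXRETRY = 2  # from the [pdns-qdomain] jail in the post

# Constructed syslog lines using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
Jun 17 10:01:02 ns1 pdns[2211]: Received a malformed qdomain from 192.0.2.10
Jun 17 10:01:03 ns1 pdns[2211]: Received a malformed qdomain from 192.0.2.10
Jun 17 10:01:04 ns1 pdns[2211]: Not authoritative for 'example.org', sending servfail to 198.51.100.7 (recursion was desired)
Jun 17 10:01:05 ns1 pdns[2211]: Not authoritative for 'example.org', sending servfail to 198.51.100.7 (recursion was desired)
Jun 17 10:01:06 ns1 pdns[2211]: Not authoritative for 'example.org', sending servfail to 198.51.100.7 (recursion was desired)
Jun 17 10:01:07 ns1 pdns[2211]: Not authoritative for 'example.net', sending servfail to 203.0.113.5 (recursion was desired)
Jun 17 10:01:08 ns1 pdns[2211]: Not authoritative for 'example.net', sending servfail to 203.0.113.9
Jun 17 10:01:09 ns1 pdns[2211]: Not authoritative for 'example.net', sending servfail to 203.0.113.9
"""

def compile_failregex(failregex):
    # Expand the <HOST> tag the way a filter would before matching.
    return re.compile(failregex.replace("<HOST>", HOST))

def hosts_to_ban(log_text, failregexes, maxretry=MAXRETRY):
    # Count one failure per matching line; findtime is ignored in this sketch.
    patterns = [compile_failregex(r) for r in failregexes]
    hits = Counter()
    for line in log_text.splitlines():
        for pat in patterns:
            m = pat.search(line)
            if m:
                hits[m.group("host")] += 1
                break
    return sorted(h for h, n in hits.items() if n >= maxretry)

if __name__ == "__main__":
    print("posted filter only:", hosts_to_ban(SAMPLE_LOG, [FAILREGEX_POSTED]))
    print("with RD variant:   ", hosts_to_ban(SAMPLE_LOG, [FAILREGEX_POSTED, FAILREGEX_RD]))
```

On a live system, `fail2ban-regex /var/log/daemon.log /etc/fail2ban/filter.d/pdns.conf` performs the same check with the real `<HOST>` expansion. Since these queries arrive over UDP, the logged source address can be forged, so list addresses that must never be banned under `ignoreip`.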


