[Pdns-users] [HELP REQUEST - protect PowerDNS] I have had a brutal mass-attack

Brielle Bruns bruns at 2mbit.com
Fri Jun 17 17:44:09 UTC 2011


To follow up, if you want to use fail2ban to block those types of 
queries automatically, here's a modified ruleset.


  in /etc/fail2ban/filter.d/pdns.conf:
======
[Definition]
failregex = pdns(?:\[\d{1,5}\])?: Not authoritative for '.*',.*sending servfail to <HOST> \(recursion was desired\)
ignoreregex =
======

  jail.conf:

  ========
  [pdns-qdomain]
  enabled = true
  #port = domain,8053
  protocol = udp
  filter = pdns
  logpath = /var/log/daemon.log
  bantime = 259200
  maxretry = 2
  ========


It's pretty easy to make matching rules.


-- 
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org    /     http://www.ahbl.org
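
Added example, not part of the original message: a small Python check of the failregex above (joined onto one line) against constructed log lines, showing which lines count as failures and which hosts reach the jail's maxretry = 2. The sample lines, the simplified IPv4-only stand-in for fail2ban's <HOST> tag, and the helper names are assumptions; findtime is not modelled.

```python
import re
from collections import Counter

# failregex from the message, joined onto one line.
FAILREGEX = (r"pdns(?:\[\d{1,5}\])?: Not authoritative for '.*',.*sending "
             r"servfail to <HOST> \(recursion was desired\)")

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> expansion.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST))

MAXRETRY = 2  # value from the [pdns-qdomain] jail in the message

# Constructed sample lines (documentation addresses, made-up hostnames).
SAMPLE_LOG = """\
Jun 17 17:40:01 ns1 pdns[2211]: Not authoritative for 'example.org', sending servfail to 192.0.2.10 (recursion was desired)
Jun 17 17:40:02 ns1 pdns[2211]: Not authoritative for 'example.net', sending servfail to 192.0.2.10 (recursion was desired)
Jun 17 17:40:05 ns1 pdns[2211]: Not authoritative for 'example.com', sending servfail to 198.51.100.7 (recursion was desired)
Jun 17 17:40:09 ns1 pdns: Not authoritative for 'example.org', sending servfail to 203.0.113.5 (recursion was desired)
Jun 17 17:40:11 ns1 pdns[2211]: Not authoritative for 'example.org', sending servfail to 203.0.113.5 (recursion was not desired)
Jun 17 17:40:12 ns1 pdns[2211]: unrelated constructed message mentioning 192.0.2.10
"""


def matched_hosts(log_text):
    """Return the source address of every line the failregex matches."""
    hosts = []
    for line in log_text.splitlines():
        m = PATTERN.search(line)  # unanchored search, as the regex has no ^/$
        if m:
            hosts.append(m.group("host"))
    return hosts


def hosts_to_ban(log_text, maxretry=MAXRETRY):
    """Hosts whose match count reaches maxretry (time window ignored)."""
    counts = Counter(matched_hosts(log_text))
    return sorted(h for h, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    for host in matched_hosts(SAMPLE_LOG):
        print("failure from", host)
    print("would ban:", hosts_to_ban(SAMPLE_LOG))
```

On a host with fail2ban installed, `fail2ban-regex /var/log/daemon.log /etc/fail2ban/filter.d/pdns.conf` runs the same kind of check with the real <HOST> expansion.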


