[Pdns-users] [HELP REQUEST - protect PowerDNS] I have had a brutal mass-attack
Brielle Bruns
bruns at 2mbit.com
Fri Jun 17 17:44:09 UTC 2011
To follow up, if you want to use fail2ban to block those types of
queries automatically, here's a modified ruleset.
in /etc/fail2ban/filter.d/pdns.conf:
======
[Definition]
failregex = pdns(?:\[\d{1,5}\])?: Not authoritative for '.*',.*sending
servfail to <HOST> \(recursion was desired\)
ignoreregex =
======
jail.conf:
========
[pdns-qdomain]
enabled = true
#port = domain,8053
protocol = udp
filter = pdns
logpath = /var/log/daemon.log
bantime = 259200
maxretry = 2
========
Its pretty easy to make matching rules.
--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org / http://www.ahbl.org
More information about the Pdns-users
mailing list