[Pdns-users] protect using fail2ban

Steffan Noord steffannoord at gmail.com
Thu Jan 30 11:00:21 UTC 2014


In the past i had a dns flood so im trying to setup some firewall options.
I found this on the list.
But you say that is not the right way to do ?


-----Oorspronkelijk bericht-----
Van: Aki Tuomi [mailto:cmouse at youzen.ext.b2.fi] 
Verzonden: donderdag 30 januari 2014 11:52
Aan: Steffan Noord
CC: pdns-users at mailman.powerdns.com
Onderwerp: Re: [Pdns-users] protect using fail2ban

On Thu, Jan 30, 2014 at 11:07:54AM +0100, Steffan Noord wrote:
> Hello list,
> 
> Im new to fail2ban and want to secure pdns-server3.1 I found a treat 
> with
> 
> in /etc/fail2ban/filter.d/pdns.conf: 
> ======
> [Definition]
> failregex = pdns(?:\[\d{1,5}\])?: Not authoritative for '.*',.*sending 
> servfail to <HOST> \(recursion was desired\) ignoreregex = ======
> 
>   jail.conf: 
> 
>   ======== 
>   [pdns-qdomain] 
>   enabled = true 
>   #port = domain,8053 
>   protocol = udp 
>   filter = pdns 
>   logpath = /var/log/daemon.log 
>   bantime = 259200 
>   maxretry = 2 
>   ========
> 
> But when starting fail2ban im getting a error:
> 
> ConfigParser.ParsingError: File contains parsing errors: /etc/fail2ban/filter.d/pdns.conf
>         [line  3]: 'servfail to <HOST> \\(recursion was desired\\) \n'
> 
> Can someone help me setup fail2ban ?
> Thanxs
> 
> Steffan

Hi Steffan,

 Are you absolutely sure you know what you are doing? This has great potential in locking out  completely legimate users. Why would you want to do this? 

 Your problem, however, is regular expression related. You might want to remove the line break? =)

Aki Tuomi





More information about the Pdns-users mailing list