Question Jail2ban ? named[]: client x.x.x.x#4444 (cpsc.gov): query (cache) 'cpsc.gov/ANY/IN' denied

[Erwin Fiten]

Hi,
I'm probably facing a DNS attack.

named[4032]: client 103.74.194.26#4444 (cpsc.gov): query (cache) 'cpsc.gov/ANY/IN' denied

this logline is added at a rate of +100/sec/

So for now I disabled the DNS service.
But it has to be enabled again, because it's serving as a master DNS, so it needs to be accessible by some IP's.

Is there a way to create a JAIL2BAN rule (regex?) to stop those attacs? so the IP's are banned after 2 or 3 'denied' errors .

Erwin

 

[AYamshanov]

Hi,

Did you look Dns recurcion problem or attack? ? I think this link can help you.

Also loot here: fail2ban/named-refused.conf at 0.10 · fail2ban/fail2ban · GitHub