Erwin Fiten
Basic Pleskian
Hi,
I'm probably facing a DNS attack.
So for now I disabled the DNS service.
But it has to be enabled again, because it's serving as a master DNS, so it needs to be accessible by some IP's.
Is there a way to create a JAIL2BAN rule (regex?) to stop those attacs? so the IP's are banned after 2 or 3 'denied' errors .
Erwin
I'm probably facing a DNS attack.
this logline is added at a rate of +100/sec/named[4032]: client 103.74.194.26#4444 (cpsc.gov): query (cache) 'cpsc.gov/ANY/IN' denied
So for now I disabled the DNS service.
But it has to be enabled again, because it's serving as a master DNS, so it needs to be accessible by some IP's.
Is there a way to create a JAIL2BAN rule (regex?) to stop those attacs? so the IP's are banned after 2 or 3 'denied' errors .
Erwin