9 Feb 09
Blocking a DNS DDOS using the fail2ban package
Are you tired of getting multi-thousand line emails from the logcheck package that contain multiple reports of denied queries from named? If so, this article shows how to reject these DDOS attempts with the fail2ban package.
apt-get install fail2ban
mkdir /var/log/named
chmod a+w /var/log/named
Next, edit /etc/bind/named.conf.local and add the following lines:
logging {
    channel security_file {
        file "/var/log/named/security.log" versions 3 size 30m;
        severity dynamic;
        print-time yes;
    };
    category security { security_file; };
};
Now to set up fail2ban. Edit the /etc/fail2ban/jail.conf file and change from:
[named-refused-udp]
enabled = false

[named-refused-tcp]
enabled = false

to:

[named-refused-udp]
enabled = true

[named-refused-tcp]
enabled = true
Then restart fail2ban in the usual manner:
/etc/init.d/fail2ban restart
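To see what the two jails react to, the following added example (not code from the original article or from fail2ban) scans security.log lines for denied queries and reports which clients would cross a ban threshold. The regex, the function name offenders and the sample lines are assumptions made for the illustration; the maxretry, findtime and ignore parameters only mimic fail2ban's maxretry, findtime and ignoreip options.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Simplified pattern written for this example; not fail2ban's own failregex.
DENIED = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+"
    r"(?: \([^)]*\))?: (?:view \S+: )?query(?: \(cache\))? '[^']*' denied"
)

def offenders(lines, maxretry=3, findtime=600, ignore=("127.0.0.0/8",)):
    """Map each client IP to the time it reached maxretry denials in findtime s."""
    nets = [ip_network(n) for n in ignore]
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    banned = {}
    for line in lines:
        m = DENIED.match(line)
        if not m:
            continue              # not a denied query (e.g. a denied update)
        ip = ip_address(m["ip"])
        if str(ip) in banned or any(ip in n for n in nets):
            continue              # already banned, or on the ignore list
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
        hits = recent[str(ip)]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()        # forget denials older than findtime
        if len(hits) >= maxretry:
            banned[str(ip)] = ts
    return banned

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = [
    "09-Feb-2009 10:00:01.100 client 192.0.2.10#4021: query (cache) './NS/IN' denied",
    "09-Feb-2009 10:00:02.200 client 192.0.2.10#4022: query (cache) './NS/IN' denied",
    "09-Feb-2009 10:00:03.300 client 192.0.2.10#4023: query (cache) './NS/IN' denied",
    "09-Feb-2009 10:00:04.000 client 198.51.100.7#5353: update 'example.com/IN' denied",
    "09-Feb-2009 10:00:05.000 client 198.51.100.7#5354: query (cache) 'example.com/A/IN' denied",
    "09-Feb-2009 10:00:10.000 client 203.0.113.5#6001: query (cache) './NS/IN' denied",
    "09-Feb-2009 10:06:10.000 client 203.0.113.5#6002: query (cache) './NS/IN' denied",
    "09-Feb-2009 10:12:10.000 client 203.0.113.5#6003: query (cache) './NS/IN' denied",
    "09-Feb-2009 10:12:11.000 client 127.0.0.1#7001: query (cache) './NS/IN' denied",
    "09-Feb-2009 10:12:12.000 client 127.0.0.1#7002: query (cache) './NS/IN' denied",
    "09-Feb-2009 10:12:13.000 client 127.0.0.1#7003: query (cache) './NS/IN' denied",
]
```

Because UDP source addresses can be forged, put your own resolvers and monitoring hosts on the ignore list before enabling the UDP jail.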