DNS Amplification Attack

Post by nembulus » 2017/08/17 03:10:30

Hi,

I have an issue regarding DNS (named): I receive a lot of random subdomain queries on my named.
I am filtering my named queries to allow only the internal network, but this attack comes from my internal network.
I believe this is a DNS amplification attack. Does anyone else have an issue like this?
How can I minimize this attack?
Thank you in advance.


Regards,
Franky


Re: DNS Amplification Attack

Post by macattack2241 » 2017/08/18 16:09:33

A couple of things can be done to mitigate a DNS amplification attack, as well as some other attacks:

- Enable rate limiting if you are providing recursive queries.

- Turn off recursive queries if your server is the SOA!!!! Move your SOA to a hidden master and have one server configured specifically for recursive queries.

- Enable queries only from trusted networks, even internal ones.

- If you are providing internal and external DNS services, create an internal view for your trusted networks and an external view for your public networks.

- Set up a black hole and keep it up to date. Spamhaus provides up-to-date malicious domain spaces.

- Ensure you're using TSIG or better for zone transfers.
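
The mitigations listed in the reply above, sketched as a BIND `named.conf` fragment. This is an added example, not configuration posted in the thread: the ACL networks, zone names, key name and secret, feed address, file paths and rate-limit values are placeholders or assumptions, and a response-policy zone is one assumed way to implement the black-hole item.

```conf
// Constructed example: every name, address and value below is a placeholder.
acl trusted { 127.0.0.1; 192.0.2.0/24; };       // assumed internal networks

key "xfer-key" {                                // TSIG key shared with secondaries
    algorithm hmac-sha256;
    secret "UExBQ0VIT0xERVItU0VDUkVULUNIQU5HRS1NRQ==";  // placeholder, generate your own
};

options {
    directory "/var/named";
    allow-transfer { none; };                   // no transfers unless a zone allows them
    rate-limit {
        responses-per-second 10;                // assumed starting value, tune to traffic
        window 5;
        exempt-clients { 127.0.0.1; };
    };
};

view "internal" {                               // recursion for trusted networks only
    match-clients { trusted; };
    recursion yes;
    allow-query { trusted; };
    allow-recursion { trusted; };
    response-policy { zone "rpz.example"; };    // black-hole list applied to answers
    zone "rpz.example" {
        type slave;                             // list kept current by zone transfer
        masters { 198.51.100.53; };             // placeholder feed server
        file "slaves/rpz.example";
    };
};

view "external" {                               // authoritative answers only
    match-clients { any; };
    recursion no;
    zone "example.com" {
        type master;
        file "example.com.zone";
        allow-transfer { key "xfer-key"; };     // transfers must be TSIG-signed
    };
};
```

Run `named-checkconf` on the file before reloading named; once views are in use, every zone has to be declared inside a view.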