DNS Amplification Attack

Posted: 2017/08/17 03:10:30
by nembulus
Hi,

I have an issue regarding DNS (named): I receive a lot of random subdomain queries on my named.
I am filtering my named queries to allow only the internal network, but this attack comes from my internal network.
I believe this is a DNS Amplification Attack. Does anyone have an issue like mine?
How can I minimize this attack?
Thank you in advance.


Regards,
Franky

Re: DNS Amplification Attack

Posted: 2017/08/18 16:09:33
by macattack2241
A couple of things can be done to mitigate a DNS amplification attack as well as some other attacks:

-Enable rate limiting if you are providing recursive queries.

-Turn off recursive queries if your server is the SOA!!!! Move your SOA to a hidden master and have one server configured specifically for recursive queries.

-Enable queries only from trusted networks, even internal ones.

-If you are providing internal and external DNS services, create an internal view for your trusted networks and external view for your public networks.

-Set up a black hole and keep it up to date. Spamhaus provides up-to-date malicious domain spaces.

-Ensure you're using TSIG or better for zone transfers.
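
An added example, not part of the thread: one way to find which internal clients are producing the random-subdomain queries described in the first post, by scanning named's query log for clients whose lookups under a single zone are almost all distinct names. The log lines are constructed samples in BIND querylog style, and the thresholds and the two-label parent-zone rule are assumptions to tune for a real network.

```python
import re
from collections import defaultdict

# Matches BIND querylog lines; the "@0x..." token appears in newer releases.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \(.*?\): "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

def parent_zone(qname, labels=2):
    """Naive parent: last `labels` labels (assumption; no public-suffix list)."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])

def suspicious_clients(lines, min_unique=5, min_ratio=0.9):
    """Return {(client_ip, zone): unique_name_count} for clients whose queries
    under one zone are almost all distinct names (random-subdomain pattern)."""
    total = defaultdict(int)
    unique = defaultdict(set)
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line
        key = (m["ip"], parent_zone(m["qname"]))
        total[key] += 1
        unique[key].add(m["qname"].lower())
    return {
        k: len(names) for k, names in unique.items()
        if len(names) >= min_unique and len(names) / total[k] >= min_ratio
    }

# Constructed sample log: 10.0.0.15 sends random labels, 10.0.0.20 is normal.
SAMPLE_LOG = [
    f"17-Aug-2017 03:10:3{i}.000 queries: info: client 10.0.0.15#5{i}124 "
    f"({lbl}.example.com): query: {lbl}.example.com IN A + (10.0.0.1)"
    for i, lbl in enumerate(["kq3xz", "p0vma", "zz81t", "a7cbn", "m2wqe", "x9rty"])
] + [
    "17-Aug-2017 03:10:40.000 queries: info: client 10.0.0.20#40000 "
    "(www.example.org): query: www.example.org IN A + (10.0.0.1)"
] * 6

if __name__ == "__main__":
    for (ip, zone), n in suspicious_clients(SAMPLE_LOG).items():
        print(f"{ip} sent {n} distinct names under {zone}")
```

Clients it reports are candidates for host-level investigation and for the per-client rate limiting and trusted-network restrictions listed in the reply above.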