Hi,
I have an issue regarding DNS (named): I receive a lot of random subdomain queries on my named.
I have filtered my named queries to allow only my internal network, but this attack comes from my internal network.
I believe this is a DNS amplification attack. Does anyone have an issue like mine?
How can I minimize this attack?
Thank you in advance.
Regards,
Franky
DNS Amplification Attack
Re: DNS Amplification Attack
A couple of things can be done to mitigate a DNS amplification attack, as well as some other attacks:
- Enable rate limiting if you are providing recursive queries.
- Turn off recursive queries if your server is the SOA!!!! Move your SOA to a hidden master and have one server configured specifically for recursive queries.
- Enable queries only from trusted networks, even internal ones.
- If you are providing internal and external DNS services, create an internal view for your trusted networks and an external view for your public networks.
- Set up a black hole and keep it up to date. Spamhaus provides up-to-date malicious domain spaces.
- Ensure you're using TSIG or better for zone transfers.
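
The mitigations listed in the reply above, expressed as one BIND named.conf (an added example, not part of the original posts). The ACL range, zone names, file paths and TSIG key are placeholder assumptions, the black hole list is implemented here as a local response-policy zone, and the rate-limit values are illustrative rather than tuned.

```conf
// Constructed example: addresses, zone names, paths and the key are placeholders.
acl trusted { 127.0.0.1; 192.0.2.0/24; };      // assumed internal ranges

key "xfer-key" {                               // TSIG key shared with secondaries
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";       // placeholder, e.g. from tsig-keygen
};

options {
    directory "/var/named";
    allow-transfer { none; };                  // no transfers unless a zone opts in
    rate-limit {                               // response rate limiting
        responses-per-second 10;
        window 5;
    };
};

// Trusted networks: recursion allowed, black hole list applied.
view "internal" {
    match-clients { trusted; };
    recursion yes;
    allow-query { trusted; };
    allow-recursion { trusted; };
    response-policy { zone "rpz.blocklist"; };
    zone "rpz.blocklist" {                     // local policy zone fed from a blocklist
        type master;
        file "rpz.blocklist.db";
        allow-query { none; };                 // policy data is not served to clients
    };
    zone "example.com" { type master; file "internal/example.com.db"; };
};

// Everyone else: authoritative answers only, never recursion.
view "external" {
    match-clients { any; };
    recursion no;
    allow-query { any; };
    zone "example.com" {
        type master;
        file "external/example.com.db";
        allow-transfer { key "xfer-key"; };    // transfers only with the TSIG key
    };
};
```

Once views are in use, every zone has to be declared inside a view; run named-checkconf on the file before reloading.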