G T Smith wrote: <snip>
The DNSStuff.com report shows the outside world can get the records, including reverse DNS info. The log excerpt was a bad choice where I had temporarily closed the DNS to the outside. I am not concerned about the size of the log, I know several ways to erase files :) What I am concerned about is DNS security. I have read several whitepapers on the subject where DNS servers are under attack from script-kiddies so slowly, but surely, I will be converting to a split DNS topography where there is a public side and a private side, but in both cases, detecting the attack and dynamically responding to it is a desirable goal.
Point taken...
I suspect that because you were effectively acting as an open forwarder for a while your DNS may have been identified as a good vector for generating attacks on third parties. I think you may find one of two things may happen now: the attackers will go away, or they may get really p***d and try and blow you out of the water (network... whatever)....
Hopefully the former, if latter grab hard hat and duck :-)
But there is a good point in that anyone running an externally available DNS should look at their query and forwarding configuration.
Yes, and in my original post I was touting the virtues of a tool called 'fail2ban' which has worked wonders in reducing to near zero undesired accesses/attempted accesses on several of my servers, including sshd and ftpd and, with proper filters, several other commonly used daemons that script-kiddies use to try to break into systems. I happen to have a small LAN consisting of 4 machines, but I don't want people trashing it just for their jollies, or using it to facilitate trashing someone else's machines. Thus, while my security certainly is not perfect, I keep trying, and tools like 'fail2ban' are quite useful. It is a testament that even 'naked', SUSE Linux is pretty secure, but that doesn't mean we should sit back on our laurels and assume that it can't be cracked. So, even if you don't use a DNS server, if you use SSHd and need/want to use it from the external network, i.e. from work or something, then 'fail2ban' is very effective there also. Thanks for your feedback.
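As an added illustration (not code from this thread or from fail2ban itself), the following Python script does what a fail2ban filter over a BIND query log would do: it picks out recursion-desired queries ("+" flag) from clients outside the LAN and reports the clients that exceed a threshold. The log lines, the LAN prefix 192.168.1.0/24 and the threshold are constructed for the example.

```python
import re
import ipaddress
from collections import Counter

# Constructed sample of BIND-style query log lines (not from the thread).
# The "+" after the record type means the client asked for recursion;
# "-" means it did not.
SAMPLE_LOG = """\
client 192.168.1.10#40012: query: www.example.com IN A + (192.168.1.1)
client 203.0.113.9#53121: query: example.org IN ANY + (192.168.1.1)
client 203.0.113.9#53122: query: example.org IN ANY + (192.168.1.1)
client 203.0.113.9#53123: query: example.org IN ANY + (192.168.1.1)
client 203.0.113.9#53124: query: example.org IN ANY + (192.168.1.1)
client 198.51.100.4#33000: query: mail.mydomain.test IN MX - (192.168.1.1)
client 192.168.1.11#40100: query: example.net IN AAAA + (192.168.1.1)
"""

# Tolerant match: client address, query name, record type, recursion flag.
LINE_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query: (?P<name>\S+) IN (?P<type>\S+) (?P<rd>[+-])"
)


def recursive_queries_from_outside(log_text, lan_cidr):
    """Count recursion-desired queries per client that is not on the LAN."""
    lan = ipaddress.ip_network(lan_cidr)
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a query-log entry, skip it
        ip = ipaddress.ip_address(m.group("ip"))
        if m.group("rd") == "+" and ip not in lan:
            counts[str(ip)] += 1
    return counts


def clients_to_ban(log_text, lan_cidr, maxretry=3):
    """Outside clients with more than `maxretry` recursive queries: the set
    a fail2ban jail watching this log would hand to the firewall action."""
    counts = recursive_queries_from_outside(log_text, lan_cidr)
    return sorted(ip for ip, n in counts.items() if n > maxretry)


if __name__ == "__main__":
    print(clients_to_ban(SAMPLE_LOG, "192.168.1.0/24"))
```

Refusing recursion for outside clients in the server configuration is the primary fix; this detection only catches the attempts that still arrive.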