How to protect Name Servers against DDoS attack?

Refers to:

  • Plesk for Linux

Created:

2016-11-16 13:10:40 UTC

Modified:

2016-12-21 20:07:28 UTC

0

Was this article helpful?


Have more questions?

Submit a request

How to protect Name Servers against DDoS attack?

Symptoms

PBA-S-managed name servers (slave name servers) are under DDoS attack.

DNS open recursion service can be used to conduct malicious attacks on a network. This can occur when the default setting for DNS services is not adjusted upon installation. When used maliciously, the service can send Distributed Denial of Service (DDoS) attacks by a third party with malicious intentions.

How to protect them?

Resolution

This can be prevented by adjusting your DNS settings. You may adjust name server configuration file on the PBA-S-managed name servers directory. Usually named configuration file is /etc/named.conf :

version "unknown";
allow-transfer {none;};
allow-recursion {none;};
allow-query-cache {none;}; // for BIND 9.4+
recursion no;
additional-from-cache no;

Remember to include all IP-pools used by your customer's into the list of networks allowed to use recursive queries - replace " allow-recursion {none;}; " with " allow-recursion { %list of clients IP addresses%; }; ". Restart named service to apply the changes:

~# service named restart

Please refer to the following resource - Adjusting DNS to secure servers against DDoS attacks for specific settings for:

Windows
Plesk
Linux
Windows servers running DNS
Bind under Windows Plesk

Additional information

Adjusting DNS to secure servers against DDoS attacks

Have more questions? Submit a request
Please sign in to leave a comment.