Tag Archives: DNS hack

view external: query (cache) ‘.in-addr.arpa/PTR/IN’ denied

While working on some issue on clients server I could

see large number of DNS request in /var/log/messages which were flooding DNS server

Jul 27 12:48:55 oklahoma named[14354]: client 74.125.72.2#33485: view external: query (cache) ‘192.245.129.104.in-addr.arpa/PTR/IN’ denied
Jul 27 12:48:55 oklahoma named[14354]: client 173.194.103.8#53106: view external: query (cache) ‘31.249.129.104.in-addr.arpa/PTR/IN’ denied
Jul 27 12:48:55 oklahoma named[14354]: client 74.125.72.147#39348: view external: query (cache) ‘27.249.129.104.in-addr.arpa/PTR/IN’ denied
Jul 27 12:48:55 oklahoma named[14354]: client 173.194.103.7#40721: view external: query (cache) ‘34.249.129.104.in-addr.arpa/PTR/IN’ denied
Jul 27 12:48:55 oklahoma named[14354]: client 173.194.90.9#63592: view external: query (cache) ‘192.245.129.104.in-addr.arpa/PTR/IN’ denied

 

The solution for such issues is by adding few parameter in /etc/named.conf which is bind configuration file

Add the following under options:
recursion no;
additional-from-auth no;
additional-from-cache no;

and restart named

and now I see no such request coming to DNS which has fixed DNS flood issue