DNS Issue

Hi,

I am struggling with my DNS server since last week. I added rules so no one can send DNS requests from the WWW, but this junk keeps on coming in.

It slows down the internet and causes some webpages not to open correctly. I suppose it must come from the inside of our network, since DNS requests are dropped from the WWW.

I would really appreciate any help on a solution to track the source of this DNS junk.
[attachment: dns-junk.JPG]

Paste those rules; it seems that you have some error in your FW configuration...

Hi,

My setup looks like this.

INTERNET <--> Gateway Router <--> DNS Server & Internal network

I added these rules on my Gateway router, so nobody from the WWW can do DNS requests.

My clients' DNS points to my internal DNS server.

0 ;;; Drop DNS requests directly to this router
chain=input action=drop protocol=udp dst-port=53

1 ;;; Drop DNS requests directly to this router
chain=input action=drop protocol=tcp dst-port=53

What would be the best way to determine which source IP is doing this DNS attack?

I really appreciate your help.
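As an added example (not from this thread or from RouterOS itself), assuming a `chain=input action=log log-prefix=dns-junk` rule placed above the two drop rules so that matching requests show up in the router log, the script below counts logged port-53 requests per source IP and in-interface and flags the noisiest sources as internal or external. The log lines and the 192.168.10.0/24 LAN prefix are constructed for the example.

```python
import re
import ipaddress
from collections import Counter

# Constructed sample lines in the RouterOS firewall log format produced by an
# action=log rule with log-prefix=dns-junk (assumption: such a rule exists).
SAMPLE_LOG = """\
firewall,info dns-junk input: in:ether2 out:(none), src-mac 00:11:22:33:44:55, proto UDP, 192.168.10.25:51234->192.168.10.1:53, len 62
firewall,info dns-junk input: in:ether2 out:(none), src-mac 00:11:22:33:44:55, proto UDP, 192.168.10.25:51235->192.168.10.1:53, len 62
firewall,info dns-junk input: in:ether2 out:(none), src-mac 00:11:22:33:44:55, proto UDP, 192.168.10.25:51236->192.168.10.1:53, len 62
firewall,info dns-junk input: in:ether1 out:(none), src-mac 66:77:88:99:aa:bb, proto UDP, 203.0.113.9:40000->198.51.100.2:53, len 70
firewall,info dns-junk input: in:ether2 out:(none), src-mac 00:11:22:33:44:56, proto TCP (SYN), 192.168.10.40:43210->192.168.10.1:53, len 60
firewall,info other input: in:ether1 out:(none), proto TCP (SYN), 203.0.113.9:40001->198.51.100.2:22, len 60
"""

# Assumed LAN prefix; anything outside it is treated as coming from the WWW.
INTERNAL_NETS = [ipaddress.ip_network("192.168.10.0/24")]

# Matches "proto UDP, src:sport->dst:dport" (also "proto TCP (SYN), ...").
LOG_RE = re.compile(
    r"proto (?P<proto>UDP|TCP)[^,]*, "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)->"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)"
)

def parse_line(line):
    """Return a dict with src, dst, proto, dport and in-interface, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    iface = re.search(r"in:(\S+)", line)
    rec["iface"] = iface.group(1) if iface else "?"
    rec["dport"] = int(rec["dport"])
    return rec

def dns_sources(log_text, port=53):
    """Count requests to the given port, keyed by (source IP, in-interface)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["dport"] == port:
            counts[(rec["src"], rec["iface"])] += 1
    return counts

def top_talkers(counts, threshold=2):
    """Sources at or above threshold, tagged internal or external, busiest first."""
    result = []
    for (src, iface), n in counts.most_common():
        if n < threshold:
            continue
        addr = ipaddress.ip_address(src)
        kind = "internal" if any(addr in net for net in INTERNAL_NETS) else "external"
        result.append((src, iface, kind, n))
    return result

if __name__ == "__main__":
    for src, iface, kind, n in top_talkers(dns_sources(SAMPLE_LOG)):
        print(f"{src:16} {iface:8} {kind:9} {n} requests")
```

On a real router the log can be pulled with `/log print` and fed to the script instead of the constructed sample; the (source, interface) pair tells you whether the traffic arrives on the LAN or WAN side.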
