Author Topic: There are many query this website on BIND  (Read 6684 times)

There are many query this website on BIND
« on: July 22, 2021, 11:26:48 PM »
Hello,

pizzaseo.com is not mine, but there are many queries for this website on my BIND:

Jul 23 07:19:23 server1.mydomain.com named[862]: client @0x7fe1000a9060 76.93.98.218#53 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
Jul 23 07:19:27 server1.mydomain.com named[862]: client @0x7fe1000a9060 46.208.101.141#6672 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
Jul 23 07:19:28 server1.mydomain.com named[862]: client @0x7fe1000a9060 107.134.244.45#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
Jul 23 07:19:29 server1.mydomain.com named[862]: client @0x7fe1000a9060 80.194.235.101#53 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
Jul 23 07:19:29 server1.mydomain.com named[862]: client @0x7fe1000a9060 24.50.232.95#32254 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
Jul 23 07:19:31 server1.mydomain.com named[862]: client @0x7fe1000a9060 107.134.244.45#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
Jul 23 07:19:32 server1.mydomain.com named[862]: client @0x7fe1000a9060 76.93.98.218#53 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
Jul 23 07:19:32 server1.mydomain.com named[862]: client @0x7fe1000a9060 107.134.244.45#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
Jul 23 07:19:33 server1.mydomain.com named[862]: client @0x7fe1000a9060 107.134.244.45#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
Jul 23 07:19:35 server1.mydomain.com named[862]: client @0x7fe1000a9060 24.50.232.95#32254 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied

How can I block or remove pizzaseo.com from my BIND?

Thank you

Re: There are many query this website on BIND
« Reply #1 on: July 28, 2021, 07:39:56 PM »
As indicated in:
https://www.linuxquestions.org/questions/linux-newbie-8/there-are-many-query-this-website-on-my-dns-server-4175676097/

The solution is to include the following lines in the '/usr/local/csf/bin/csfpre.sh' file:

Code:
iptables -A INPUT -p udp --dport 53 -m string --algo kmp --string "pizzaseo" -j DROP
iptables -A INPUT -p udp --dport 53 -m string --algo kmp --from 0x38 --hex-string "|0000ff00010000292328000000000000|" -j DROP

And restart csf/lfd:

Code:
csf -x; csf -e

Regards,
Netino
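
To show what the second rule's hex pattern actually matches, here is an added example (not part of the original post or of csf): it decodes the 16 bytes as the tail of a DNS question followed by an EDNS0 OPT record, then checks the pattern against constructed test queries. The helper names and sample queries are assumptions for illustration, and the rule's `--from` offset is not modelled.

```python
import struct

# Hex pattern copied from the second iptables rule in the post above.
HEX_PATTERN = "0000ff00010000292328000000000000"
RR_TYPES = {1: "A", 41: "OPT", 46: "RRSIG", 255: "ANY"}

def decode_pattern(hex_pattern=HEX_PATTERN):
    """Read the 16 bytes as: end of QNAME, QTYPE, QCLASS, then an empty OPT record."""
    raw = bytes.fromhex(hex_pattern)
    (name_end, qtype, qclass, opt_owner, opt_type,
     udp_size, ext_rcode, version, flags, rdlen) = struct.unpack("!BHHBHHBBHH", raw)
    return {
        "qname_terminator": name_end,
        "qtype": RR_TYPES.get(qtype, qtype),
        "qclass": qclass,                    # 1 = IN
        "opt_owner": opt_owner,              # 0 = root name
        "opt_type": RR_TYPES.get(opt_type, opt_type),
        "udp_payload_size": udp_size,        # carried in the OPT CLASS field
        "dnssec_ok": bool(flags & 0x8000),   # DO bit
        "rdlen": rdlen,
    }

def build_query(name, qtype, udp_size):
    """Constructed test message: one question plus an empty EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)
    labels = [label.encode("ascii") for label in name.split(".")]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)
    opt = struct.pack("!BHHIH", 0, 41, udp_size, 0, 0)
    return header + question + opt

def rule_would_match(dns_message, hex_pattern=HEX_PATTERN):
    """Payload-only check of the hex-string rule (offset handling ignored)."""
    return bytes.fromhex(hex_pattern) in dns_message

if __name__ == "__main__":
    print(decode_pattern())
    for name, qtype, size in [("census.gov", 255, 9000),
                              ("census.gov", 255, 4096),
                              ("pizzaseo.com", 46, 9000)]:
        msg = build_query(name, qtype, size)
        print(name, RR_TYPES[qtype], size,
              "hex rule:", rule_would_match(msg),
              "string rule:", b"pizzaseo" in msg)
```

The pattern is a narrow signature: it only covers ANY/IN questions that advertise a 9000-byte EDNS0 payload, so RRSIG queries like the ones in the first post are caught by the "pizzaseo" string rule instead.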

Re: There are many query this website on BIND
« Reply #2 on: July 29, 2021, 04:04:32 AM »
Thank you Netino,

You saved my life! I also added "census" to the block and it is working!

Jul 29 11:53:44 server1.mydomain.com named[5347]: client @0x7fe8ac042e70 192.223.24.145#10908 (.): query (cache) './RRSIG/IN' denied
Jul 29 11:53:44 server1.mydomain.com named[5347]: client @0x7fe8ac042e70 192.223.24.145#10908 (.): query (cache) './RRSIG/IN' denied
Jul 29 11:53:44 server1.mydomain.com named[5347]: client @0x7fe8ac042e70 192.223.24.145#10908 (.): query (cache) './RRSIG/IN' denied
Jul 29 11:54:56 server1.mydomain.com named[5347]: client @0x7fe8ac042e70 193.23.164.10#49423 (l4QmR5.67db9aa1.n89.vp2.v4.dnsdrakkarv4.com): query (cache) 'l4QmR5.67db9aa1.n89.vp2.v4.dnsdrakkarv4.com/A/IN' denied
Jul 29 11:54:56 server1.mydomain.com named[5347]: client @0x7fe8ac042e70 103.219.154.162#49423 (l4QmR5.67db9aa1.s89.vp2.v4.dnsdrakkarv4.com): query (cache) 'l4QmR5.67db9aa1.s89.vp2.v4.dnsdrakkarv4.com/A/IN' denied
Jul 29 11:57:09 server1.mydomain.com named[5347]: client @0x7fe8ac042e70 162.253.128.82#43909 (census.gov): query (cache) 'census.gov/ANY/IN' denied
Jul 29 11:57:09 server1.mydomain.com named[5347]: client @0x7fe8ac042e70 162.253.128.82#43909 (census.gov): query (cache) 'census.gov/ANY/IN' denied
Jul 29 11:57:09 server1.mydomain.com named[5347]: client @0x7fe8ac042e70 162.253.128.82#43909 (census.gov): query (cache) 'census.gov/ANY/IN' denied
Jul 29 11:57:09 server1.mydomain.com named[5347]: client @0x7fe8ac042e70 162.253.128.82#43909 (census.gov): query (cache) 'census.gov/ANY/IN' denied
Jul 29 11:57:09 server1.mydomain.com named[5347]: client @0x7fe8ac042e70 162.253.128.82#43909 (census.gov): query (cache) 'census.gov/ANY/IN' denied
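
Before adding one firewall string per name, it helps to see which names, record types and sources dominate the denied queries. The following is an added example, not from the thread: it tallies BIND "query (cache) ... denied" lines in the format posted above. The sample lines are constructed with documentation addresses, and the "source port below 1024" flag is a heuristic assumption (a genuine client normally uses an ephemeral port, so ports such as 53 or 80 suggest a spoofed source).

```python
import re
from collections import Counter, defaultdict

# Matches the named log format shown in this thread.
DENIED = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+) \([^)]*\): "
    r"query \(cache\) '(?P<name>[^/']+)/(?P<rtype>[A-Z0-9]+)/IN' denied"
)

# Constructed sample lines (documentation IP ranges), same layout as the posts.
SAMPLE = """\
Jul 29 11:57:01 ns1 named[5347]: client @0x7fe8ac042e70 192.0.2.10#53 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
Jul 29 11:57:02 ns1 named[5347]: client @0x7fe8ac042e70 192.0.2.10#53 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
Jul 29 11:57:03 ns1 named[5347]: client @0x7fe8ac042e70 198.51.100.7#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
Jul 29 11:57:09 ns1 named[5347]: client @0x7fe8ac042e70 203.0.113.5#43909 (census.gov): query (cache) 'census.gov/ANY/IN' denied
Jul 29 11:57:09 ns1 named[5347]: client @0x7fe8ac042e70 203.0.113.5#43909 (census.gov): query (cache) 'census.gov/ANY/IN' denied
Jul 29 11:57:10 ns1 named[5347]: client @0x7fe8ac042e70 203.0.113.9#10908 (.): query (cache) './RRSIG/IN' denied
Aug 24 01:26:50 ns1 named[5347]: network unreachable resolving './NS/IN': 2001:db8::53#53
"""

def summarize(log_text):
    """Return one row per (name, type), most frequent first."""
    hits = Counter()
    clients = defaultdict(set)
    low_port = Counter()
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if not m:
            continue  # not a denied-query line (e.g. resolver errors)
        key = (m["name"].lower(), m["rtype"])
        hits[key] += 1
        clients[key].add(m["ip"])
        if int(m["port"]) < 1024:
            low_port[key] += 1
    return [
        {"name": name, "type": rtype, "hits": n,
         "clients": len(clients[(name, rtype)]),
         "low_port_hits": low_port[(name, rtype)]}
        for (name, rtype), n in hits.most_common()
    ]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```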

Re: There are many query this website on BIND
« Reply #3 on: August 24, 2021, 06:50:35 AM »
First, thank you for your know-how!!!

We applied your solution, but we have other strange lines:


Aug 24 01:26:50 server8.serversweb.net named[32229]: network unreachable resolving './NS/IN': 2001:500:12::d0d#53
Aug 24 01:26:50 server8.serversweb.net named[32229]: network unreachable resolving './DNSKEY/IN': 2001:7fd::1#53
Aug 24 01:26:50 server8.serversweb.net named[32229]: network unreachable resolving './NS/IN': 2001:7fd::1#53
Aug 24 01:26:50 server8.serversweb.net named[32229]: network unreachable resolving './DNSKEY/IN': 2001:503:ba3e::2:30#53
Aug 24 01:26:50 server8.serversweb.net named[32229]: network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53
Aug 24 01:26:50 server8.serversweb.net named[32229]: network unreachable resolving './DNSKEY/IN': 2001:dc3::35#53
Aug 24 01:26:50 server8.serversweb.net named[32229]: network unreachable resolving './NS/IN': 2001:dc3::35#53
Aug 24 01:26:50 server8.serversweb.net named[32229]: network unreachable resolving './DNSKEY/IN': 2001:7fe::53#53
Aug 24 01:26:50 server8.serversweb.net named[32229]: network unreachable resolving './NS/IN': 2001:7fe::53#53
Aug 24 01:26:50 server8.serversweb.net named[32229]: network unreachable resolving './DNSKEY/IN': 2001:500:200::b#53
Aug 24 01:26:50 server8.serversweb.net named[32229]: network unreachable resolving './NS/IN': 2001:500:200::b#53
Aug 24 01:26:50 server8.serversweb.net named[32229]: network unreachable resolving './DNSKEY/IN': 2001:503:c27::2:30#53
Aug 24 01:26:50 server8.serversweb.net named[32229]: network unreachable resolving './NS/IN': 2001:503:c27::2:30#53
Aug 24 01:26:50 server8.serversweb.net named[32229]: network unreachable resolving './DNSKEY/IN': 2001:500:1::53#53
Aug 24 01:26:50 server8.serversweb.net named[32229]: network unreachable resolving './NS/IN': 2001:500:1::53#53
Aug 24 01:26:50 server8.serversweb.net named[32229]: network unreachable resolving './DNSKEY/IN': 2001:500:2::c#53
Aug 24 01:26:50 server8.serversweb.net named[32229]: network unreachable resolving './NS/IN': 2001:500:2::c#53
Aug 24 01:26:50 server8.serversweb.net named[32229]: network unreachable resolving './DNSKEY/IN': 2001:500:2d::d#53
Aug 24 01:26:50 server8.serversweb.net named[32229]: network unreachable resolving './NS/IN': 2001:500:2d::d#53
Aug 24 01:26:50 server8.serversweb.net named[32229]: network unreachable resolving './DNSKEY/IN': 2001:500:a8::e#53
Aug 24 01:26:50 server8.serversweb.net named[32229]: network unreachable resolving './NS/IN': 2001:500:a8::e#53
Aug 24 01:26:50 server8.serversweb.net named[32229]: network unreachable resolving './DNSKEY/IN': 2001:500:2f::f#53
Aug 24 01:26:50 server8.serversweb.net named[32229]: network unreachable resolving './NS/IN': 2001:500:2f::f#53
Aug 24 01:26:50 server8.serversweb.net named[32229]: network unreachable resolving './DNSKEY/IN': 2001:500:9f::42#53
Aug 24 01:26:50 server8.serversweb.net named[32229]: network unreachable resolving './NS/IN': 2001:500:9f::42#53


Does anyone know how to block them?
I'm going to clear the server cache, hope that helps ...