Unbound dns resolver involved in DNS Amplification attack
Cristiano Deana
cristiano.deana at megaweb.it
Mon Mar 24 10:33:26 UTC 2025
Il 24/03/2025 11:18, sir izake via Unbound-users ha scritto:
Hi,
> I run an unbound dns cache resolver (version 1.22.0) on a freebsd 14.2
> server. It is configured to only respond to queries from the local host
> and my network IP block.
what do you get with `unbound-control get_option access-control'?
> Recently, I detected my server was involved in a DNS amplification
> attack. By default unbound doesn't respond to any query outside those
> allowed in the access list in the config file. How do I uncover the
> source IPs involved and potentially block them.
>
> Are there other options I need to enable to prevent further
> amplification attacks?
>
> I have checked the server and don't see any suspicious process running.
>
> Your support and advice is greatly appreciated.
>
> Regards
> izake
--
###############################
# Cristiano Deana #
# #
# Senior Network Engineer #
# Digital Response Team #
# CittaStudi S.p.a. #
# off. +39 015 855 1172 #
# cell +39 328 310 6392 #
###############################
More information about the Unbound-users
mailing list