Funny dns traffic

I have to run DNS servers since most suppliers are technically incapable of doing DNSSEC (my blog). That was before DNSSEC became, um, famous, and some kind of offer it now, but your average hoster will probably not offer a complete solution, hence why I do what I do and prefer it that way.

So one day I set up fail2ban (my blog) and get it logging DNS errors as well as what it already does, and within seconds it is logging odd traffic from China and the Seychelles and instantly I have two bans. The non-hosted zones return the appropriate "get lost" and fail2ban sends the block to the firewall.
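The matching step behind that kind of ban, as an added example that is not the author's configuration or fail2ban's own code: it scans BIND-style "denied" log lines and reports each address that crosses a retry threshold inside a time window. The log format, the sample lines, the name `find_bans` and the threshold values are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the style of a BIND query-denied log (assumed format);
# addresses come from documentation ranges and the zone names are made up.
SAMPLE_LOG = """\
12-Mar-2024 10:00:01.100 client 203.0.113.7#41233 (nothosted.example): query (cache) 'nothosted.example/ANY/IN' denied
12-Mar-2024 10:00:02.350 client @0x7f3a1c0 203.0.113.7#41234 (nothosted.example): query (cache) 'nothosted.example/A/IN' denied
12-Mar-2024 10:00:02.900 client 198.51.100.9#5301 (other.example): query (cache) 'other.example/A/IN' denied
12-Mar-2024 10:00:03.010 client 203.0.113.7#41235 (nothosted.example): query (cache) 'nothosted.example/TXT/IN' denied
12-Mar-2024 10:00:04.000 zone hosted.example/IN: sending notifies (serial 2024031201)
12-Mar-2024 10:05:40.120 client 198.51.100.9#5302 (other.example): query (cache) 'other.example/A/IN' denied
"""

# Timestamp, optional client object pointer, source address, then "... denied".
DENIED = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ "
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+ "
    r"\([^)]*\): query(?: \(cache\))? '[^']*' denied\s*$"
)

def find_bans(log_text, maxretry=3, findtime=timedelta(seconds=60)):
    """Return {ip: ban time} once an address has `maxretry` denied queries
    within `findtime` (thresholds are assumptions, not the post's settings)."""
    recent = defaultdict(deque)   # ip -> timestamps of recent denied queries
    bans = {}
    for line in log_text.splitlines():
        m = DENIED.match(line)
        if not m or m["ip"] in bans:
            continue              # not a denied query, or already banned
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # drop hits that fell out of the window
        if len(window) >= maxretry:
            bans[m["ip"]] = ts
    return bans

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} at {when}")
```

Queries over UDP carry a source address that can be forged, so a ban list built this way is worth checking against an allowlist of your own resolvers and secondaries.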

The zone query (not the zoo) is an odd one and an indicator of probing. DNSSEC remains working, as do the contents of the file.

The Seychelles has its rogues and crooks and they have been blocked before for other issues, so no surprises there; in fact you might be impressed by the amount of junk traffic in those tubes.

by golly but...
