help for dns server #69
Guys,
I have a problem here. Could I ask you for some help or at least detailed advice?
I am running a pihole server on a vps. On the same vps is a dns server installed called
unbound.
In fact only port 53 is open, the port where unbound directly listens to queries
is closed from outside. Only 127.0.0.1 (pihole server) can send queries there.
Now, for 3 days I have been the victim of a massive attack. 60000 queries.....
The funny part, only 0.1 % of the queries are filtered by pihole, like someone has access to
unbound directly, which as far as my knowledge goes is impossible.
I installed your app in hope to block this DDOS or dynamic DDOS attacks, but it doesn't work.
The app seems to be running on the server, but doesn't block port 53.
When I do: ddos --view-port 53
I get: 1 118.24.147.252:63498
So I can see a Chinese from Qinzhou, somewhere left of Hong-Kong, with IP 118.24.147.252
is attacking me, but the app doesn't block him on port 53...
(Or at least his vpn provider has a server there.)
Is there anything I can do to focus on port 53?
I am a beginner and student in this stuff, and I know I took a risk in deploying a dns.
But from mistakes you learn, no?
Thanks for any help.
UPDATE:
When I do:
ddos --view-port 53
He changes his IP address every time....
1 118.24.147.252:43401
root@user:/etc/ddos# ddos --cron
Warning: this feature is deprecated and ddos-deflate should be run on daemon mode instead.
root@user:/etc/ddos# ddos --start
ddos daemon is already running...
Can I manually add banned IPs?
There is something I really do not understand here.....
When I bypass the program and do a hard:
iptables -I INPUT -s 118.24.147.252 -j DROP
to block at least that ip address, and afterwards I do a
ddos --view-port 53,
the response is:
1 118.24.147.252:8550
1 118.24.147.252:13183
So, I block it and they still manage to get queries???? Am I missing something here?
Can Chinese admins bypass iptables firewalls?
Oh, before you ask for it, I forgot to add this:
root@user:/etc/ddos# ddos --start
ddos daemon is already running...