ld1978 posted on 2013-09-04 21:58

About the problem of many external addresses connecting to the company's internal dns ...

This morning one of the company's dns+mail servers suddenly started hanging repeatedly, which affected public internet access and the use of the corporate mailbox. The server runs linux+bind+extmail. Since I was not at the office, I had someone else reboot the machine several times; in the afternoon it did not happen again.
In the evening, back at home, I checked the server logs and the connection state on the firewall, as follows:
The firewall still has many idle connections going to this dns server:
UDP outside 178.33.126.71:7369 inside 172.16.1.9:53, idle 0:00:23, bytes 610, flags -
UDP outside 134.153.172.19:61546 inside 172.16.1.9:53, idle 0:00:23, bytes 610, flags -
UDP outside 212.95.7.96:35156 inside 172.16.1.9:53, idle 0:00:23, bytes 610, flags -
UDP outside 212.95.7.96:57166 inside 172.16.1.9:53, idle 0:00:23, bytes 610, flags -
UDP outside 212.95.7.96:45037 inside 172.16.1.9:53, idle 0:00:23, bytes 39, flags -
UDP outside 84.122.232.118:28968 inside 172.16.1.9:53, idle 0:00:23, bytes 1230, flags -
UDP outside 84.200.19.10:2321 inside 172.16.1.9:53, idle 0:00:23, bytes 1362, flags -
UDP outside 84.200.19.10:41461 inside 172.16.1.9:53, idle 0:00:23, bytes 2504, flags -
UDP outside 84.122.232.118:34288 inside 172.16.1.9:53, idle 0:00:24, bytes 615, flags -
UDP outside 84.122.232.118:14185 inside 172.16.1.9:53, idle 0:00:24, bytes 1362, flags -
UDP outside 134.153.172.19:46424 inside 172.16.1.9:53, idle 0:00:24, bytes 39, flags -
UDP outside 134.153.172.19:57773 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 134.153.172.19:13062 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 134.153.172.19:43965 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 134.153.172.19:39129 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 134.153.172.19:49876 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 134.153.172.19:44000 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 134.153.172.19:56919 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 134.153.172.19:65142 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 84.122.232.118:49229 inside 172.16.1.9:53, idle 0:00:24, bytes 1318, flags -
UDP outside 84.122.232.118:4413 inside 172.16.1.9:53, idle 0:00:24, bytes 2504, flags -
UDP outside 178.33.126.71:35541 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 178.33.126.71:22902 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 178.33.126.71:18214 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 178.33.126.71:62960 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 178.33.126.71:4207 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 178.33.126.71:895 inside 172.16.1.9:53, idle 0:00:24, bytes 39, flags -
UDP outside 84.200.19.10:7947 inside 172.16.1.9:53, idle 0:00:24, bytes 615, flags -
UDP outside 178.33.126.71:41376 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 178.33.126.71:40893 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 178.33.126.71:34383 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 212.95.7.96:14745 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 212.95.7.96:14692 inside 172.16.1.9:53, idle 0:00:24, bytes 39, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:64642, idle 0:00:05, bytes 222, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:40392, idle 0:00:13, bytes 131, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:20713, idle 0:00:13, bytes 131, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:52213, idle 0:00:13, bytes 211, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:52966, idle 0:00:13, bytes 131, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:31330, idle 0:00:13, bytes 138, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:44021, idle 0:00:13, bytes 211, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:40520, idle 0:00:13, bytes 525, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:26055, idle 0:00:13, bytes 211, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:64752, idle 0:00:13, bytes 211, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:23066, idle 0:00:13, bytes 240, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:37046, idle 0:00:13, bytes 285, flags -
TCP outside 74.125.128.125:443 inside 172.16.1.7:4355, idle 0:00:04, bytes 7001, flags UIO
TCP outside 180.149.131.104:80 inside 172.16.1.7:4354, idle 0:00:13, bytes 2855, flags UIO

In addition, many entries in the server log are also about dns, as follows:
cat /var/log/messages
Sep  1 03:24:08 mail rsyslogd: rsyslogd was HUPed
Sep  1 03:25:15 mail named: validating @0x7f31c818e950: . NS: got insecure response; parent indicates it should be secure
Sep  1 03:25:15 mail named: error (insecurity proof failed) resolving './NS/IN': 219.150.32.132#53
Sep  1 03:25:15 mail named:   validating @0x7f31c81bb820: 220.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Sep  1 03:25:15 mail named: error (no valid RRSIG) resolving '181.220.in-addr.arpa/DS/IN': 219.150.32.132#53
Sep  1 03:25:17 mail named: error (network unreachable) resolving './NS/IN': 2001:500:1::803f:235#53
Sep  1 03:25:17 mail named: error (network unreachable) resolving './NS/IN': 2001:503:c27::2:30#53
Sep  1 03:25:17 mail named:   validating @0x7f31c8191280: com SOA: got insecure response; parent indicates it should be secure
Sep  1 03:25:17 mail named: error (no valid RRSIG) resolving '126.com/DS/IN': 219.150.32.132#53
Sep  1 03:25:56 mail named:   validating @0x7f31d065b6c0: com SOA: got insecure response; parent indicates it should be secure
Sep  1 03:25:56 mail named: error (no valid RRSIG) resolving 'qhimg.com/DS/IN': 219.150.32.132#53
Sep  1 03:25:59 mail named:   validating @0x7f31d0561b20: 115.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Sep  1 03:25:59 mail named:   validating @0x7f31c818d940: 115.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Sep  1 03:25:59 mail named: error (no valid RRSIG) resolving '197.33.168.115.in-addr.arpa/DS/IN': 219.150.32.132#53
Sep  1 03:26:01 mail named: error (network unreachable) resolving '197.33.168.115.in-addr.arpa/DS/IN': 2001:500:13::c7d4:35#53
Sep  1 03:26:01 mail named: error (insecurity proof failed) resolving '197.33.168.115.in-addr.arpa/PTR/IN': 219.150.32.132#53
Sep  1 03:26:03 mail named: error (network unreachable) resolving '197.33.168.115.in-addr.arpa/PTR/IN': 2001:500:13::c7d4:35#53
Sep  1 03:28:03 mail named:   validating @0x7f31c00416a0: com SOA: got insecure response; parent indicates it should be secure
Sep  1 03:28:03 mail named: error (no valid RRSIG) resolving 'hao123.com/DS/IN': 219.150.32.132#53
Sep  1 03:28:06 mail named:   validating @0x7f31c818d940: com SOA: got insecure response; parent indicates it should be secure
Sep  1 03:28:06 mail named: error (no valid RRSIG) resolving 'lxdns.com/DS/IN': 219.150.32.132#53
Sep  1 03:29:37 mail named: validating @0x7f31c818e950: . NS: got insecure response; parent indicates it should be secure
Sep  1 03:29:37 mail named: error (insecurity proof failed) resolving './NS/IN': 219.150.32.132#53
Sep  1 03:30:01 mail named:   validating @0x7f31c818d940: com SOA: got insecure response; parent indicates it should be secure
Sep  1 03:30:01 mail named: error (no valid RRSIG) resolving 'adobe.com/DS/IN': 219.150.32.132#53
Sep  1 03:30:06 mail named:   validating @0x7f31d05fba60: net SOA: got insecure response; parent indicates it should be secure
Sep  1 03:30:06 mail named: error (no valid RRSIG) resolving 'hadns.net/DS/IN': 219.150.32.132#53
Sep  1 03:30:07 mail named: error (network unreachable) resolving '51.248.195.60.in-addr.arpa/PTR/IN': 2001:67c:1010:27::53#53
Sep  1 03:30:07 mail named: error (network unreachable) resolving '51.248.195.60.in-addr.arpa/PTR/IN': 2001:dc0:1:0:4777::131#53
Sep  1 03:30:09 mail named:   validating @0x7f31cc147700: net SOA: got insecure response; parent indicates it should be secure
Sep  1 03:30:09 mail named: error (no valid RRSIG) resolving 'edgekey.net/DS/IN': 219.150.32.132#53
Sep  1 03:30:15 mail named: error (network unreachable) resolving 'dns1.datadragon.net/A/IN': 2001:503:231d::2:30#53
Sep  1 03:30:19 mail named:   validating @0x7f31c818d940: net SOA: got insecure response; parent indicates it should be secure
Sep  1 03:30:19 mail named: error (no valid RRSIG) resolving 'akamaiedge.net/DS/IN': 219.150.32.132#53
Sep  1 03:31:22 mail named:   validating @0x7f31c00ab8d0: com SOA: got insecure response; parent indicates it should be secure
Sep  1 03:31:22 mail named: error (no valid RRSIG) resolving 'qhcdn.com/DS/IN': 219.150.32.132#53
Sep  1 03:31:27 mail named: error (network unreachable) resolving 'qhcdn.com/DS/IN': 2001:503:a83e::2:30#53
Sep  1 03:31:50 mail named:   validating @0x7f31d068abc0: com SOA: got insecure response; parent indicates it should be secure
Sep  1 03:31:50 mail named: error (no valid RRSIG) resolving 'qh-lb.com/DS/IN': 219.150.32.132#53
Sep  1 03:31:57 mail named:   validating @0x7f31c0144030: net SOA: got insecure response; parent indicates it should be secure
Sep  1 03:31:57 mail named: error (no valid RRSIG) resolving 'ccgslb.net/DS/IN': 219.150.32.132#53
Sep  1 03:32:02 mail named:   validating @0x7f31d05fba60: com SOA: got insecure response; parent indicates it should be secure
Sep  1 03:32:02 mail named: error (no valid RRSIG) resolving 'so.com/DS/IN': 219.150.32.132#53
Sep  1 03:32:23 mail named:   validating @0x7f31c0108dd0: 111.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Sep  1 03:32:23 mail named:   validating @0x7f31c0032330: 111.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Sep  1 03:32:23 mail named: error (no valid RRSIG) resolving '126.193.111.in-addr.arpa/DS/IN': 219.150.32.132#53
Sep  1 03:32:27 mail named:   validating @0x7f31d0611270: 58.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Sep  1 03:32:27 mail named: error (no valid RRSIG) resolving '54.58.in-addr.arpa/DS/IN': 219.150.32.132#53
Sep  1 03:32:28 mail named:   validating @0x7f31c81905f0: 111.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Sep  1 03:32:28 mail named: error (no valid RRSIG) resolving '219.126.193.111.in-addr.arpa/DS/IN': 219.150.32.132#53
Sep  1 03:32:34 mail named: error (insecurity proof failed) resolving '219.126.193.111.in-addr.arpa/PTR/IN': 219.150.32.132#53
Sep  1 03:32:36 mail named:   validating @0x7f31d0694200: com SOA: got insecure response; parent indicates it should be secure
Sep  1 03:32:36 mail named: error (no valid RRSIG) resolving '360safe.com/DS/IN': 219.150.32.132#53
Sep  1 03:34:08 mail clamd: SelfCheck: Database status OK.
Sep  1 03:35:10 mail named: validating @0x7f31cc032330: . NS: got insecure response; parent indicates it should be secure
Sep  1 03:35:10 mail named: error (insecurity proof failed) resolving './NS/IN': 219.150.32.132#53
Sep  1 03:35:26 mail named: error (network unreachable) resolving 'scientificlinux.org/DS/IN': 2001:500:b::1#53
Sep  1 03:35:26 mail named: error (network unreachable) resolving 'scientificlinux.org/DS/IN': 2001:500:f::1#53
Sep  1 03:35:32 mail named: error (network unreachable) resolving 'org/DNSKEY/IN': 2001:500:c::1#53
Sep  1 03:35:32 mail named: error (network unreachable) resolving 'org/DNSKEY/IN': 2001:500:40::1#53
Sep  1 03:35:32 mail named: error (network unreachable) resolving 'org/DNSKEY/IN': 2001:500:e::1#53
Sep  1 03:35:40 mail named: error (network unreachable) resolving 'ftp1.scientificlinux.org/AAAA/IN': 2620:6a:0:1203::208:71#53

Could everyone take a look: is this an attack? What should I do?
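The two pieces of evidence in the post can be separated mechanically: in the firewall connection table, a flow whose inside end is the resolver on port 53 and whose outside end is an ephemeral port is an internet host querying the internal server, while a flow whose outside end is port 53 is the internal server querying an upstream; in the named log, each error names the server that was asked and the failure class. The script below is an added example written for this page, not code from the post or from BIND; it takes the resolver address 172.16.1.9 from the post, uses a subset of the post's own connection-table and log lines as embedded sample input, and the flow and byte thresholds in suspicious_sources are assumptions to tune against your own baseline.

```python
import re
from collections import Counter, defaultdict

# Sample input: a subset of the firewall connection table and of the named
# log lines quoted in the post above, embedded so the script runs offline.
CONN_SAMPLE = """\
UDP outside 178.33.126.71:7369 inside 172.16.1.9:53, idle 0:00:23, bytes 610, flags -
UDP outside 134.153.172.19:61546 inside 172.16.1.9:53, idle 0:00:23, bytes 610, flags -
UDP outside 134.153.172.19:46424 inside 172.16.1.9:53, idle 0:00:24, bytes 39, flags -
UDP outside 134.153.172.19:57773 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 84.200.19.10:41461 inside 172.16.1.9:53, idle 0:00:23, bytes 2504, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:64642, idle 0:00:05, bytes 222, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:40392, idle 0:00:13, bytes 131, flags -
TCP outside 74.125.128.125:443 inside 172.16.1.7:4355, idle 0:00:04, bytes 7001, flags UIO
"""

NAMED_SAMPLE = """\
Sep  1 03:25:15 mail named: error (insecurity proof failed) resolving './NS/IN': 219.150.32.132#53
Sep  1 03:25:15 mail named: error (no valid RRSIG) resolving '181.220.in-addr.arpa/DS/IN': 219.150.32.132#53
Sep  1 03:25:17 mail named: error (network unreachable) resolving './NS/IN': 2001:500:1::803f:235#53
Sep  1 03:25:17 mail named: error (no valid RRSIG) resolving '126.com/DS/IN': 219.150.32.132#53
"""

# One connection-table line: protocol, outside addr:port, inside addr:port, bytes.
CONN_RE = re.compile(
    r"^(?P<proto>UDP|TCP) outside (?P<oip>[\d.]+):(?P<oport>\d+) "
    r"inside (?P<iip>[\d.]+):(?P<iport>\d+), idle [\d:]+, bytes (?P<bytes>\d+)"
)
# One named resolver error: failure class, name/type asked for, server asked.
NAMED_RE = re.compile(
    r"named: error \((?P<err>[^)]+)\) resolving '(?P<name>[^']+)': (?P<server>\S+)#53"
)


def parse_conn(text):
    """Yield one dict per parseable connection-table line; skip the rest."""
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            for key in ("oport", "iport", "bytes"):
                rec[key] = int(rec[key])
            yield rec


def classify_dns_flows(text, resolver_ip):
    """Split UDP/53 flows touching resolver_ip by direction.

    inbound:  outside host (ephemeral port) -> resolver:53, an internet host
              using our resolver.
    outbound: resolver (ephemeral port) -> outside host:53, our resolver
              asking an upstream server.
    Returns (inbound flows, inbound bytes, outbound flows), keyed by outside IP.
    """
    inbound, inbound_bytes, outbound = Counter(), Counter(), Counter()
    for c in parse_conn(text):
        if c["proto"] != "UDP" or c["iip"] != resolver_ip:
            continue
        if c["iport"] == 53 and c["oport"] != 53:
            inbound[c["oip"]] += 1
            inbound_bytes[c["oip"]] += c["bytes"]
        elif c["oport"] == 53 and c["iport"] != 53:
            outbound[c["oip"]] += 1
    return inbound, inbound_bytes, outbound


def suspicious_sources(inbound, inbound_bytes, min_flows=2, min_bytes=1000):
    """Outside IPs with several parallel query flows, or a large byte total,
    against the resolver. Thresholds are assumptions for this example."""
    hits = []
    for ip, flows in inbound.items():
        total = inbound_bytes[ip]
        if flows >= min_flows or total >= min_bytes:
            hits.append({"ip": ip, "flows": flows, "bytes": total})
    hits.sort(key=lambda h: (-h["flows"], -h["bytes"], h["ip"]))
    return hits


def summarize_named_errors(text):
    """Count named resolution errors per server asked, per error class."""
    by_server = defaultdict(Counter)
    for line in text.splitlines():
        m = NAMED_RE.search(line)
        if m:
            by_server[m["server"]][m["err"]] += 1
    return by_server


if __name__ == "__main__":
    inb, inb_bytes, outb = classify_dns_flows(CONN_SAMPLE, "172.16.1.9")
    print("outside hosts querying our resolver:", dict(inb))
    print("upstream servers our resolver asks:", dict(outb))
    for h in suspicious_sources(inb, inb_bytes):
        print("suspicious: %(ip)s flows=%(flows)d bytes=%(bytes)d" % h)
    for server, errs in summarize_named_errors(NAMED_SAMPLE).items():
        print(server, dict(errs))
```

Run against the full `show conn` output and the full /var/log/messages instead of the embedded samples, the first report tells you which outside hosts are using the server as a resolver and how heavily, and the second shows every upstream the server is asking and which of them it cannot validate answers from; in the post's own lines every outbound query goes to 219.150.32.132, the same server the DNSSEC errors name.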

action08 posted on 2013-09-05 16:29

Could it be that the configuration isn't set up properly?? That's a lot of idle connection resources.