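[DNS] Question about many external addresses connecting to the company's internal DNS ...

Posted 2013-09-04 21:58
This morning, one of the company's DNS + mail servers suddenly started crashing frequently, which affected public access and the use of the corporate e-mail. The server environment is linux+bind+extmail. Since I was not at the office, I had someone else reboot the machine a few times; it did not happen again in the afternoon.
In the evening, back at home, I checked the server logs and the connections on the firewall, as follows:
On the firewall there are still many idle connections going to this DNS service: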
UDP outside 178.33.126.71:7369 inside 172.16.1.9:53, idle 0:00:23, bytes 610, flags -
UDP outside 134.153.172.19:61546 inside 172.16.1.9:53, idle 0:00:23, bytes 610, flags -
UDP outside 212.95.7.96:35156 inside 172.16.1.9:53, idle 0:00:23, bytes 610, flags -
UDP outside 212.95.7.96:57166 inside 172.16.1.9:53, idle 0:00:23, bytes 610, flags -
UDP outside 212.95.7.96:45037 inside 172.16.1.9:53, idle 0:00:23, bytes 39, flags -
UDP outside 84.122.232.118:28968 inside 172.16.1.9:53, idle 0:00:23, bytes 1230, flags -
UDP outside 84.200.19.10:2321 inside 172.16.1.9:53, idle 0:00:23, bytes 1362, flags -
UDP outside 84.200.19.10:41461 inside 172.16.1.9:53, idle 0:00:23, bytes 2504, flags -
UDP outside 84.122.232.118:34288 inside 172.16.1.9:53, idle 0:00:24, bytes 615, flags -
UDP outside 84.122.232.118:14185 inside 172.16.1.9:53, idle 0:00:24, bytes 1362, flags -
UDP outside 134.153.172.19:46424 inside 172.16.1.9:53, idle 0:00:24, bytes 39, flags -
UDP outside 134.153.172.19:57773 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 134.153.172.19:13062 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 134.153.172.19:43965 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 134.153.172.19:39129 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 134.153.172.19:49876 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 134.153.172.19:44000 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 134.153.172.19:56919 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 134.153.172.19:65142 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 84.122.232.118:49229 inside 172.16.1.9:53, idle 0:00:24, bytes 1318, flags -
UDP outside 84.122.232.118:4413 inside 172.16.1.9:53, idle 0:00:24, bytes 2504, flags -
UDP outside 178.33.126.71:35541 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 178.33.126.71:22902 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 178.33.126.71:18214 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 178.33.126.71:62960 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 178.33.126.71:4207 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 178.33.126.71:895 inside 172.16.1.9:53, idle 0:00:24, bytes 39, flags -
UDP outside 84.200.19.10:7947 inside 172.16.1.9:53, idle 0:00:24, bytes 615, flags -
UDP outside 178.33.126.71:41376 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 178.33.126.71:40893 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 178.33.126.71:34383 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 212.95.7.96:14745 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 212.95.7.96:14692 inside 172.16.1.9:53, idle 0:00:24, bytes 39, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:64642, idle 0:00:05, bytes 222, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:40392, idle 0:00:13, bytes 131, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:20713, idle 0:00:13, bytes 131, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:52213, idle 0:00:13, bytes 211, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:52966, idle 0:00:13, bytes 131, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:31330, idle 0:00:13, bytes 138, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:44021, idle 0:00:13, bytes 211, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:40520, idle 0:00:13, bytes 525, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:26055, idle 0:00:13, bytes 211, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:64752, idle 0:00:13, bytes 211, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:23066, idle 0:00:13, bytes 240, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:37046, idle 0:00:13, bytes 285, flags -
TCP outside 74.125.128.125:443 inside 172.16.1.7:4355, idle 0:00:04, bytes 7001, flags UIO
TCP outside 180.149.131.104:80 inside 172.16.1.7:4354, idle 0:00:13, bytes 2855, flags UIO



In addition, the server log also has many entries, all of them about DNS, as follows:
cat /var/log/messages
Sep  1 03:24:08 mail rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="1229" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Sep  1 03:25:15 mail named[17581]: validating @0x7f31c818e950: . NS: got insecure response; parent indicates it should be secure
Sep  1 03:25:15 mail named[17581]: error (insecurity proof failed) resolving './NS/IN': 219.150.32.132#53
Sep  1 03:25:15 mail named[17581]:   validating @0x7f31c81bb820: 220.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Sep  1 03:25:15 mail named[17581]: error (no valid RRSIG) resolving '181.220.in-addr.arpa/DS/IN': 219.150.32.132#53
Sep  1 03:25:17 mail named[17581]: error (network unreachable) resolving './NS/IN': 2001:500:1::803f:235#53
Sep  1 03:25:17 mail named[17581]: error (network unreachable) resolving './NS/IN': 2001:503:c27::2:30#53
Sep  1 03:25:17 mail named[17581]:   validating @0x7f31c8191280: com SOA: got insecure response; parent indicates it should be secure
Sep  1 03:25:17 mail named[17581]: error (no valid RRSIG) resolving '126.com/DS/IN': 219.150.32.132#53
Sep  1 03:25:56 mail named[17581]:   validating @0x7f31d065b6c0: com SOA: got insecure response; parent indicates it should be secure
Sep  1 03:25:56 mail named[17581]: error (no valid RRSIG) resolving 'qhimg.com/DS/IN': 219.150.32.132#53
Sep  1 03:25:59 mail named[17581]:   validating @0x7f31d0561b20: 115.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Sep  1 03:25:59 mail named[17581]:   validating @0x7f31c818d940: 115.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Sep  1 03:25:59 mail named[17581]: error (no valid RRSIG) resolving '197.33.168.115.in-addr.arpa/DS/IN': 219.150.32.132#53
Sep  1 03:26:01 mail named[17581]: error (network unreachable) resolving '197.33.168.115.in-addr.arpa/DS/IN': 2001:500:13::c7d4:35#53
Sep  1 03:26:01 mail named[17581]: error (insecurity proof failed) resolving '197.33.168.115.in-addr.arpa/PTR/IN': 219.150.32.132#53
Sep  1 03:26:03 mail named[17581]: error (network unreachable) resolving '197.33.168.115.in-addr.arpa/PTR/IN': 2001:500:13::c7d4:35#53
Sep  1 03:28:03 mail named[17581]:   validating @0x7f31c00416a0: com SOA: got insecure response; parent indicates it should be secure
Sep  1 03:28:03 mail named[17581]: error (no valid RRSIG) resolving 'hao123.com/DS/IN': 219.150.32.132#53
Sep  1 03:28:06 mail named[17581]:   validating @0x7f31c818d940: com SOA: got insecure response; parent indicates it should be secure
Sep  1 03:28:06 mail named[17581]: error (no valid RRSIG) resolving 'lxdns.com/DS/IN': 219.150.32.132#53
Sep  1 03:29:37 mail named[17581]: validating @0x7f31c818e950: . NS: got insecure response; parent indicates it should be secure
Sep  1 03:29:37 mail named[17581]: error (insecurity proof failed) resolving './NS/IN': 219.150.32.132#53
Sep  1 03:30:01 mail named[17581]:   validating @0x7f31c818d940: com SOA: got insecure response; parent indicates it should be secure
Sep  1 03:30:01 mail named[17581]: error (no valid RRSIG) resolving 'adobe.com/DS/IN': 219.150.32.132#53
Sep  1 03:30:06 mail named[17581]:   validating @0x7f31d05fba60: net SOA: got insecure response; parent indicates it should be secure
Sep  1 03:30:06 mail named[17581]: error (no valid RRSIG) resolving 'hadns.net/DS/IN': 219.150.32.132#53
Sep  1 03:30:07 mail named[17581]: error (network unreachable) resolving '51.248.195.60.in-addr.arpa/PTR/IN': 2001:67c:1010:27::53#53
Sep  1 03:30:07 mail named[17581]: error (network unreachable) resolving '51.248.195.60.in-addr.arpa/PTR/IN': 2001:dc0:1:0:4777::131#53
Sep  1 03:30:09 mail named[17581]:   validating @0x7f31cc147700: net SOA: got insecure response; parent indicates it should be secure
Sep  1 03:30:09 mail named[17581]: error (no valid RRSIG) resolving 'edgekey.net/DS/IN': 219.150.32.132#53
Sep  1 03:30:15 mail named[17581]: error (network unreachable) resolving 'dns1.datadragon.net/A/IN': 2001:503:231d::2:30#53
Sep  1 03:30:19 mail named[17581]:   validating @0x7f31c818d940: net SOA: got insecure response; parent indicates it should be secure
Sep  1 03:30:19 mail named[17581]: error (no valid RRSIG) resolving 'akamaiedge.net/DS/IN': 219.150.32.132#53
Sep  1 03:31:22 mail named[17581]:   validating @0x7f31c00ab8d0: com SOA: got insecure response; parent indicates it should be secure
Sep  1 03:31:22 mail named[17581]: error (no valid RRSIG) resolving 'qhcdn.com/DS/IN': 219.150.32.132#53
Sep  1 03:31:27 mail named[17581]: error (network unreachable) resolving 'qhcdn.com/DS/IN': 2001:503:a83e::2:30#53
Sep  1 03:31:50 mail named[17581]:   validating @0x7f31d068abc0: com SOA: got insecure response; parent indicates it should be secure
Sep  1 03:31:50 mail named[17581]: error (no valid RRSIG) resolving 'qh-lb.com/DS/IN': 219.150.32.132#53
Sep  1 03:31:57 mail named[17581]:   validating @0x7f31c0144030: net SOA: got insecure response; parent indicates it should be secure
Sep  1 03:31:57 mail named[17581]: error (no valid RRSIG) resolving 'ccgslb.net/DS/IN': 219.150.32.132#53
Sep  1 03:32:02 mail named[17581]:   validating @0x7f31d05fba60: com SOA: got insecure response; parent indicates it should be secure
Sep  1 03:32:02 mail named[17581]: error (no valid RRSIG) resolving 'so.com/DS/IN': 219.150.32.132#53
Sep  1 03:32:23 mail named[17581]:   validating @0x7f31c0108dd0: 111.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Sep  1 03:32:23 mail named[17581]:   validating @0x7f31c0032330: 111.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Sep  1 03:32:23 mail named[17581]: error (no valid RRSIG) resolving '126.193.111.in-addr.arpa/DS/IN': 219.150.32.132#53
Sep  1 03:32:27 mail named[17581]:   validating @0x7f31d0611270: 58.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Sep  1 03:32:27 mail named[17581]: error (no valid RRSIG) resolving '54.58.in-addr.arpa/DS/IN': 219.150.32.132#53
Sep  1 03:32:28 mail named[17581]:   validating @0x7f31c81905f0: 111.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Sep  1 03:32:28 mail named[17581]: error (no valid RRSIG) resolving '219.126.193.111.in-addr.arpa/DS/IN': 219.150.32.132#53
Sep  1 03:32:34 mail named[17581]: error (insecurity proof failed) resolving '219.126.193.111.in-addr.arpa/PTR/IN': 219.150.32.132#53
Sep  1 03:32:36 mail named[17581]:   validating @0x7f31d0694200: com SOA: got insecure response; parent indicates it should be secure
Sep  1 03:32:36 mail named[17581]: error (no valid RRSIG) resolving '360safe.com/DS/IN': 219.150.32.132#53
Sep  1 03:34:08 mail clamd[1293]: SelfCheck: Database status OK.
Sep  1 03:35:10 mail named[17581]: validating @0x7f31cc032330: . NS: got insecure response; parent indicates it should be secure
Sep  1 03:35:10 mail named[17581]: error (insecurity proof failed) resolving './NS/IN': 219.150.32.132#53
Sep  1 03:35:26 mail named[17581]: error (network unreachable) resolving 'scientificlinux.org/DS/IN': 2001:500:b::1#53
Sep  1 03:35:26 mail named[17581]: error (network unreachable) resolving 'scientificlinux.org/DS/IN': 2001:500:f::1#53
Sep  1 03:35:32 mail named[17581]: error (network unreachable) resolving 'org/DNSKEY/IN': 2001:500:c::1#53
Sep  1 03:35:32 mail named[17581]: error (network unreachable) resolving 'org/DNSKEY/IN': 2001:500:40::1#53
Sep  1 03:35:32 mail named[17581]: error (network unreachable) resolving 'org/DNSKEY/IN': 2001:500:e::1#53
Sep  1 03:35:40 mail named[17581]: error (network unreachable) resolving 'ftp1.scientificlinux.org/AAAA/IN': 2620:6a:0:1203::208:71#53


Could everyone take a look: is this an attack? What should I do?
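
A way to condense a connection table like the one in the post above, added here as an example (not part of the original post): it groups port-53 flows by outside address and separates flows into the inside DNS server from the server's own outbound lookups. The sample lines, their addresses and the `summarize` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the same format as the firewall output above
# (documentation/private addresses, not the ones from the post).
SAMPLE = """\
UDP outside 203.0.113.7:7369 inside 172.16.1.9:53, idle 0:00:23, bytes 610, flags -
UDP outside 203.0.113.7:35541 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 203.0.113.7:895 inside 172.16.1.9:53, idle 0:00:24, bytes 39, flags -
UDP outside 198.51.100.20:2321 inside 172.16.1.9:53, idle 0:00:23, bytes 1362, flags -
UDP outside 192.0.2.53:53 inside 172.16.1.9:64642, idle 0:00:05, bytes 222, flags -
TCP outside 192.0.2.80:443 inside 172.16.1.7:4355, idle 0:00:04, bytes 7001, flags UIO
"""

LINE = re.compile(
    r"^(?P<proto>UDP|TCP) outside (?P<out_ip>[\d.]+):(?P<out_port>\d+) "
    r"inside (?P<in_ip>[\d.]+):(?P<in_port>\d+), idle [\d:]+, bytes (?P<bytes>\d+)"
)

def summarize(text, dns_port=53):
    """Tally port-53 flows per outside IP, split into inbound
    (outside client -> inside server) and outbound (inside resolver -> outside)."""
    result = {"inbound": defaultdict(lambda: [0, 0]),
              "outbound": defaultdict(lambda: [0, 0])}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not a connection entry
        if int(m["in_port"]) == dns_port:
            direction = "inbound"
        elif int(m["out_port"]) == dns_port:
            direction = "outbound"
        else:
            continue  # not DNS traffic
        entry = result[direction][m["out_ip"]]
        entry[0] += 1                # flow count
        entry[1] += int(m["bytes"])  # byte total
    return {d: {ip: tuple(v) for ip, v in t.items()} for d, t in result.items()}

if __name__ == "__main__":
    for direction, table in summarize(SAMPLE).items():
        for ip, (flows, total) in sorted(table.items(), key=lambda kv: -kv[1][0]):
            print(f"{direction:8} {ip:15} flows={flows:<3} bytes={total}")
```

Many inbound flows from a few outside addresses mean the server is answering DNS queries from the Internet, which is the cue to review who is allowed to query it and whether recursion is offered to outside clients.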

Posted 2013-09-05 16:29
Could it be that the configuration wasn't set up properly?? That's a lot of idle connection resources.