How to secure bind DNS from a resource utilization attack?
Environment
- Red Hat Enterprise Linux 6
- bind
Issue
- How to secure bind DNS from a resource utilization attack?
- It is not possible to block all ANY queries.
- The queries, usually of type "ANY" or "TXT", produce large responses and cannot be blocked because of some limitation.
Resolution
- All responses to an address block are counted as if they were sent to a single client. The prefix lengths of the address blocks are specified with ipv4-prefix-length (default 24) and ipv6-prefix-length (default 56).
- The prefix length can be set as below; the rate-limit statement belongs inside the options block of named.conf:

  options {
      // cache negative responses for one hour
      max-ncache-ttl 3600;
      max-cache-size 1024M;
      rate-limit {
          responses-per-second 75;
          all-per-second 200;
          window 3;
          max-table-size 2000000;
          min-table-size 500000;
          ipv4-prefix-length 32;
      };
  };

- For details on response rate limiting, refer to the BIND response rate limiting documentation.
Disclaimer: Red Hat does not support any third-party article. For details about the Red Hat support policy, refer to Production Support Scope of Coverage.
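The following is an added illustration of the client accounting described above (example code, not from the Red Hat article and not BIND's own implementation). It models one token bucket per address block, refilled at responses-per-second and capped at window * responses-per-second, and shows how ipv4-prefix-length decides whether a burst of spoofed sources spread over one /24 shares a single bucket (prefix 24) or gets one bucket per host (prefix 32). The bucket model is a simplification (assumption): real BIND RRL also keeps per-response buckets, applies all-per-second separately and may "slip" truncated answers instead of dropping.

```python
"""Simplified model of BIND response rate limiting (RRL) client accounting.

Added example, not Red Hat's or ISC's code. One token bucket per client
address block; credits refill at responses-per-second and are capped at
window * responses-per-second (assumption: a simplification of BIND's RRL).
"""
import ipaddress


def client_key(addr, ipv4_prefix_length=24, ipv6_prefix_length=56):
    """Return the address block an address is accounted under.

    All responses to the block count as if sent to one client, so a shorter
    prefix aggregates more (possibly spoofed) sources into a single bucket.
    """
    ip = ipaddress.ip_address(addr)
    plen = ipv4_prefix_length if ip.version == 4 else ipv6_prefix_length
    return str(ipaddress.ip_network(f"{ip}/{plen}", strict=False))


class ResponseRateLimiter:
    def __init__(self, responses_per_second=75, window=3,
                 ipv4_prefix_length=24, ipv6_prefix_length=56):
        self.rate = responses_per_second
        self.cap = responses_per_second * window   # burst allowance
        self.v4len = ipv4_prefix_length
        self.v6len = ipv6_prefix_length
        self.buckets = {}   # block -> (credits, second of last refill)

    def allow(self, src_addr, now):
        """Decide whether a response to src_addr may be sent at second `now`."""
        key = client_key(src_addr, self.v4len, self.v6len)
        credits, last = self.buckets.get(key, (self.cap, now))
        credits = min(self.cap, credits + (now - last) * self.rate)
        if credits >= 1:
            self.buckets[key] = (credits - 1, now)
            return True
        self.buckets[key] = (credits, now)   # dropped; credits unchanged
        return False


def simulate_flood(prefix_length, n_queries=1000, start="192.0.2.0"):
    """Send n_queries in one second from spoofed sources spread over one /24.

    Returns (allowed, dropped) for the given ipv4-prefix-length.
    """
    rl = ResponseRateLimiter(responses_per_second=75, window=3,
                             ipv4_prefix_length=prefix_length)
    base = ipaddress.IPv4Address(start)
    allowed = dropped = 0
    for i in range(n_queries):
        src = base + (i % 256)          # constructed spoofed source addresses
        if rl.allow(str(src), now=0):
            allowed += 1
        else:
            dropped += 1
    return allowed, dropped


if __name__ == "__main__":
    for plen in (24, 32):
        a, d = simulate_flood(plen)
        print(f"ipv4-prefix-length {plen}: allowed={a} dropped={d}")
```

With prefix length 24 the whole /24 is one client and only the burst allowance (75 * 3 = 225 responses) gets through in that second; with prefix length 32 each spoofed host is accounted separately, so the same flood is not limited at all. This is the trade-off behind the prefix-length setting: a shorter prefix limits a spoofed block sooner but also throttles legitimate customers who share it.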
Root Cause
- Due to some limitation, it is not possible to block the queries sent by users.
- allow-recursion and allow-query-cache cannot be set to none:

  allow-recursion { none; };
  allow-query-cache { none; };
Diagnostic Steps
- This looks like a DNS amplification attack. Because the server is a publicly accessible open resolver, an attacker can scan the network and find it, spoof the source IP address and send a DNS query that results in a large reply. Since the query is carried over UDP, the server answers the spoofed request with a reply that is much larger than the request. The queries are usually of type "ANY" or "TXT", which produce large responses. Not all "ANY" queries can be blocked, as customers do use them sometimes.
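To see which address blocks are behind the ANY/TXT traffic before deciding on a rate-limit prefix, the query log can be aggregated the same way RRL counts clients. The following is an added example (not from the Red Hat article) that parses constructed lines in the BIND query-log format of that era ("client <ip>#<port>: query: <name> IN <type> <flags> (<server-ip>)"; the exact format is an assumption and varies between BIND versions) and counts ANY and TXT queries per source /24, so a block of spoofed sources stands out from a customer that sends an occasional ANY query.

```python
"""Count amplification-prone query types per source address block.

Added example, not from the Red Hat article. Log lines below are constructed;
the regex assumes the "client <ip>#<port>: query: <name> IN <type> <flags>"
layout written by BIND when querylog is enabled.
"""
import ipaddress
import re
from collections import Counter

QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?: "
    r"query: (?P<name>\S+) IN (?P<qtype>\S+) (?P<flags>\S+)"
)

# Constructed sample: many spoofed sources in one /24 asking for ANY,
# plus ordinary customer traffic from another block.
SAMPLE_LOG = """\
client 203.0.113.10#1024: query: example.net IN ANY +E (192.0.2.53)
client 203.0.113.11#1024: query: example.net IN ANY +E (192.0.2.53)
client 203.0.113.12#1024: query: example.net IN ANY +E (192.0.2.53)
client 203.0.113.13#1024: query: example.net IN ANY +E (192.0.2.53)
client 203.0.113.14#1024: query: example.net IN ANY +E (192.0.2.53)
client 203.0.113.15#1024: query: example.net IN TXT +E (192.0.2.53)
client 198.51.100.7#40512: query: www.example.com IN A + (192.0.2.53)
client 198.51.100.7#40513: query: example.com IN ANY + (192.0.2.53)
client 198.51.100.9#40514: query: example.com IN MX + (192.0.2.53)
"""


def block_of(ip, ipv4_prefix_length=24, ipv6_prefix_length=56):
    """Map a source address to its RRL address block."""
    addr = ipaddress.ip_address(ip)
    plen = ipv4_prefix_length if addr.version == 4 else ipv6_prefix_length
    return str(ipaddress.ip_network(f"{addr}/{plen}", strict=False))


def count_large_queries(log_text, prefix_length=24, qtypes=("ANY", "TXT")):
    """Return Counter of block -> number of ANY/TXT queries seen."""
    counts = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m or m.group("qtype") not in qtypes:
            continue   # unparseable line or a harmless query type
        counts[block_of(m.group("ip"), prefix_length)] += 1
    return counts


def suspicious_blocks(counts, threshold):
    """Blocks whose ANY/TXT count reaches the threshold, sorted."""
    return sorted(b for b, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    counts = count_large_queries(SAMPLE_LOG)
    for block, n in counts.most_common():
        print(f"{block:20} {n} ANY/TXT queries")
    print("review:", suspicious_blocks(counts, threshold=5))
```

Run against a real query log, the per-block counts show whether a given ipv4-prefix-length would lump a flood into one bucket or leave each spoofed host below the limit, and which blocks carry the customer ANY queries that cannot simply be blocked.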
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
