在搬瓦工的廉价 VPS 上搭了个 pdnsd 来对付 DNS 污染,结果被检测为不安全而咔嚓了,有解决方案吗?
2014-03-02 12:32:55 +08:00
cdfmr
以下是收到的邮件通知,说容易遭受DoS攻击,但没说该怎么处理。
KiwiVM has detected an insecure recursive DNS resolver on IP x.x.x.x, which may result in your server getting involved in DNS Amplification DoS attacks. To prevent this from happening, KiwiVM has blocked port 53 in your server by adding the following iptables rule:
iptables -I INPUT -p udp --destination-port 53 -j DROP
You can fix this vulnerability by securing your DNS daemon (or by removing it from your server).
Once this vulnerability is fixed, you may remove this iptables rule.