
平臺論壇博客文庫

› 論壇 › IT運維 › 服務器應用 › 關于外網(wǎng)有很多地址連接到公司內(nèi)部dns上的問題 ...

[DNS] 關于外網(wǎng)有很多地址連接到公司內(nèi)部dns上的問題 ... [復制鏈接]

ld1978

稍有積蓄

論壇徽章:: 0

電梯直達

1樓 [收藏(0)] [報告]

發(fā)表于 2013-09-04 21:58 |只看該作者 |倒序瀏覽

上午，公司一臺dns+mail服務器突然經(jīng)常死機，影響了公網(wǎng)訪問和企業(yè)郵箱的使用。此服務器環(huán)境是linux+bind+extmail，由于沒在公司，讓別人重啟了幾次機器，下午倒沒再出現(xiàn)過。
晚上回家，查了一下服務器日志和防火墻的連接情況，如下：
防火墻上還有很多空閑的連接，是連到這臺dns服務的
UDP outside 178.33.126.71:7369 inside 172.16.1.9:53, idle 0:00:23, bytes 610, flags -
UDP outside 134.153.172.19:61546 inside 172.16.1.9:53, idle 0:00:23, bytes 610, flags -
UDP outside 212.95.7.96:35156 inside 172.16.1.9:53, idle 0:00:23, bytes 610, flags -
UDP outside 212.95.7.96:57166 inside 172.16.1.9:53, idle 0:00:23, bytes 610, flags -
UDP outside 212.95.7.96:45037 inside 172.16.1.9:53, idle 0:00:23, bytes 39, flags -
UDP outside 84.122.232.118:28968 inside 172.16.1.9:53, idle 0:00:23, bytes 1230, flags -
UDP outside 84.200.19.10:2321 inside 172.16.1.9:53, idle 0:00:23, bytes 1362, flags -
UDP outside 84.200.19.10:41461 inside 172.16.1.9:53, idle 0:00:23, bytes 2504, flags -
UDP outside 84.122.232.118:34288 inside 172.16.1.9:53, idle 0:00:24, bytes 615, flags -
UDP outside 84.122.232.118:14185 inside 172.16.1.9:53, idle 0:00:24, bytes 1362, flags -
UDP outside 134.153.172.19:46424 inside 172.16.1.9:53, idle 0:00:24, bytes 39, flags -
UDP outside 134.153.172.19:57773 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 134.153.172.19:13062 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 134.153.172.19:43965 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 134.153.172.19:39129 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 134.153.172.19:49876 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 134.153.172.19:44000 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 134.153.172.19:56919 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 134.153.172.19:65142 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 84.122.232.118:49229 inside 172.16.1.9:53, idle 0:00:24, bytes 1318, flags -
UDP outside 84.122.232.118:4413 inside 172.16.1.9:53, idle 0:00:24, bytes 2504, flags -
UDP outside 178.33.126.71:35541 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 178.33.126.71:22902 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 178.33.126.71:18214 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 178.33.126.71:62960 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 178.33.126.71:4207 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 178.33.126.71:895 inside 172.16.1.9:53, idle 0:00:24, bytes 39, flags -
UDP outside 84.200.19.10:7947 inside 172.16.1.9:53, idle 0:00:24, bytes 615, flags -
UDP outside 178.33.126.71:41376 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 178.33.126.71:40893 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 178.33.126.71:34383 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 212.95.7.96:14745 inside 172.16.1.9:53, idle 0:00:24, bytes 610, flags -
UDP outside 212.95.7.96:14692 inside 172.16.1.9:53, idle 0:00:24, bytes 39, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:64642, idle 0:00:05, bytes 222, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:40392, idle 0:00:13, bytes 131, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:20713, idle 0:00:13, bytes 131, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:52213, idle 0:00:13, bytes 211, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:52966, idle 0:00:13, bytes 131, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:31330, idle 0:00:13, bytes 138, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:44021, idle 0:00:13, bytes 211, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:40520, idle 0:00:13, bytes 525, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:26055, idle 0:00:13, bytes 211, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:64752, idle 0:00:13, bytes 211, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:23066, idle 0:00:13, bytes 240, flags -
UDP outside 219.150.32.132:53 inside 172.16.1.9:37046, idle 0:00:13, bytes 285, flags -
TCP outside 74.125.128.125:443 inside 172.16.1.7:4355, idle 0:00:04, bytes 7001, flags UIO
TCP outside 180.149.131.104:80 inside 172.16.1.7:4354, idle 0:00:13, bytes 2855, flags UIO

另外在服務器的日志上有很多也都是關于dns的，如下：
cat /var/log/messages
Sep  1 03:24:08 mail rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="1229" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Sep  1 03:25:15 mail named[17581]: validating @0x7f31c818e950: . NS: got insecure response; parent indicates it should be secure
Sep  1 03:25:15 mail named[17581]: error (insecurity proof failed) resolving './NS/IN': 219.150.32.132#53
Sep  1 03:25:15 mail named[17581]: validating @0x7f31c81bb820: 220.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Sep  1 03:25:15 mail named[17581]: error (no valid RRSIG) resolving '181.220.in-addr.arpa/DS/IN': 219.150.32.132#53
Sep  1 03:25:17 mail named[17581]: error (network unreachable) resolving './NS/IN': 2001:500:1::803f:235#53
Sep  1 03:25:17 mail named[17581]: error (network unreachable) resolving './NS/IN': 2001:503:c27::2:30#53
Sep  1 03:25:17 mail named[17581]: validating @0x7f31c8191280: com SOA: got insecure response; parent indicates it should be secure
Sep  1 03:25:17 mail named[17581]: error (no valid RRSIG) resolving '126.com/DS/IN': 219.150.32.132#53
Sep  1 03:25:56 mail named[17581]: validating @0x7f31d065b6c0: com SOA: got insecure response; parent indicates it should be secure
Sep  1 03:25:56 mail named[17581]: error (no valid RRSIG) resolving 'qhimg.com/DS/IN': 219.150.32.132#53
Sep  1 03:25:59 mail named[17581]: validating @0x7f31d0561b20: 115.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Sep  1 03:25:59 mail named[17581]: validating @0x7f31c818d940: 115.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Sep  1 03:25:59 mail named[17581]: error (no valid RRSIG) resolving '197.33.168.115.in-addr.arpa/DS/IN': 219.150.32.132#53
Sep  1 03:26:01 mail named[17581]: error (network unreachable) resolving '197.33.168.115.in-addr.arpa/DS/IN': 2001:500:13::c7d4:35#53
Sep  1 03:26:01 mail named[17581]: error (insecurity proof failed) resolving '197.33.168.115.in-addr.arpa/PTR/IN': 219.150.32.132#53
Sep  1 03:26:03 mail named[17581]: error (network unreachable) resolving '197.33.168.115.in-addr.arpa/PTR/IN': 2001:500:13::c7d4:35#53
Sep  1 03:28:03 mail named[17581]: validating @0x7f31c00416a0: com SOA: got insecure response; parent indicates it should be secure
Sep  1 03:28:03 mail named[17581]: error (no valid RRSIG) resolving 'hao123.com/DS/IN': 219.150.32.132#53
Sep  1 03:28:06 mail named[17581]: validating @0x7f31c818d940: com SOA: got insecure response; parent indicates it should be secure
Sep  1 03:28:06 mail named[17581]: error (no valid RRSIG) resolving 'lxdns.com/DS/IN': 219.150.32.132#53
Sep  1 03:29:37 mail named[17581]: validating @0x7f31c818e950: . NS: got insecure response; parent indicates it should be secure
Sep  1 03:29:37 mail named[17581]: error (insecurity proof failed) resolving './NS/IN': 219.150.32.132#53
Sep  1 03:30:01 mail named[17581]: validating @0x7f31c818d940: com SOA: got insecure response; parent indicates it should be secure
Sep  1 03:30:01 mail named[17581]: error (no valid RRSIG) resolving 'adobe.com/DS/IN': 219.150.32.132#53
Sep  1 03:30:06 mail named[17581]: validating @0x7f31d05fba60: net SOA: got insecure response; parent indicates it should be secure
Sep  1 03:30:06 mail named[17581]: error (no valid RRSIG) resolving 'hadns.net/DS/IN': 219.150.32.132#53
Sep  1 03:30:07 mail named[17581]: error (network unreachable) resolving '51.248.195.60.in-addr.arpa/PTR/IN': 2001:67c:1010:27::53#53
Sep  1 03:30:07 mail named[17581]: error (network unreachable) resolving '51.248.195.60.in-addr.arpa/PTR/IN': 2001:dc0:1:0:4777::131#53
Sep  1 03:30:09 mail named[17581]: validating @0x7f31cc147700: net SOA: got insecure response; parent indicates it should be secure
Sep  1 03:30:09 mail named[17581]: error (no valid RRSIG) resolving 'edgekey.net/DS/IN': 219.150.32.132#53
Sep  1 03:30:15 mail named[17581]: error (network unreachable) resolving 'dns1.datadragon.net/A/IN': 2001:503:231d::2:30#53
Sep  1 03:30:19 mail named[17581]: validating @0x7f31c818d940: net SOA: got insecure response; parent indicates it should be secure
Sep  1 03:30:19 mail named[17581]: error (no valid RRSIG) resolving 'akamaiedge.net/DS/IN': 219.150.32.132#53
Sep  1 03:31:22 mail named[17581]: validating @0x7f31c00ab8d0: com SOA: got insecure response; parent indicates it should be secure
Sep  1 03:31:22 mail named[17581]: error (no valid RRSIG) resolving 'qhcdn.com/DS/IN': 219.150.32.132#53
Sep  1 03:31:27 mail named[17581]: error (network unreachable) resolving 'qhcdn.com/DS/IN': 2001:503:a83e::2:30#53
Sep  1 03:31:50 mail named[17581]: validating @0x7f31d068abc0: com SOA: got insecure response; parent indicates it should be secure
Sep  1 03:31:50 mail named[17581]: error (no valid RRSIG) resolving 'qh-lb.com/DS/IN': 219.150.32.132#53
Sep  1 03:31:57 mail named[17581]: validating @0x7f31c0144030: net SOA: got insecure response; parent indicates it should be secure
Sep  1 03:31:57 mail named[17581]: error (no valid RRSIG) resolving 'ccgslb.net/DS/IN': 219.150.32.132#53
Sep  1 03:32:02 mail named[17581]: validating @0x7f31d05fba60: com SOA: got insecure response; parent indicates it should be secure
Sep  1 03:32:02 mail named[17581]: error (no valid RRSIG) resolving 'so.com/DS/IN': 219.150.32.132#53
Sep  1 03:32:23 mail named[17581]: validating @0x7f31c0108dd0: 111.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Sep  1 03:32:23 mail named[17581]: validating @0x7f31c0032330: 111.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Sep  1 03:32:23 mail named[17581]: error (no valid RRSIG) resolving '126.193.111.in-addr.arpa/DS/IN': 219.150.32.132#53
Sep  1 03:32:27 mail named[17581]: validating @0x7f31d0611270: 58.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Sep  1 03:32:27 mail named[17581]: error (no valid RRSIG) resolving '54.58.in-addr.arpa/DS/IN': 219.150.32.132#53
Sep  1 03:32:28 mail named[17581]: validating @0x7f31c81905f0: 111.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Sep  1 03:32:28 mail named[17581]: error (no valid RRSIG) resolving '219.126.193.111.in-addr.arpa/DS/IN': 219.150.32.132#53
Sep  1 03:32:34 mail named[17581]: error (insecurity proof failed) resolving '219.126.193.111.in-addr.arpa/PTR/IN': 219.150.32.132#53
Sep  1 03:32:36 mail named[17581]: validating @0x7f31d0694200: com SOA: got insecure response; parent indicates it should be secure
Sep  1 03:32:36 mail named[17581]: error (no valid RRSIG) resolving '360safe.com/DS/IN': 219.150.32.132#53
Sep  1 03:34:08 mail clamd[1293]: SelfCheck: Database status OK.
Sep  1 03:35:10 mail named[17581]: validating @0x7f31cc032330: . NS: got insecure response; parent indicates it should be secure
Sep  1 03:35:10 mail named[17581]: error (insecurity proof failed) resolving './NS/IN': 219.150.32.132#53
Sep  1 03:35:26 mail named[17581]: error (network unreachable) resolving 'scientificlinux.org/DS/IN': 2001:500:b::1#53
Sep  1 03:35:26 mail named[17581]: error (network unreachable) resolving 'scientificlinux.org/DS/IN': 2001:500:f::1#53
Sep  1 03:35:32 mail named[17581]: error (network unreachable) resolving 'org/DNSKEY/IN': 2001:500:c::1#53
Sep  1 03:35:32 mail named[17581]: error (network unreachable) resolving 'org/DNSKEY/IN': 2001:500:40::1#53
Sep  1 03:35:32 mail named[17581]: error (network unreachable) resolving 'org/DNSKEY/IN': 2001:500:e::1#53
Sep  1 03:35:40 mail named[17581]: error (network unreachable) resolving 'ftp1.scientificlinux.org/AAAA/IN': 2620:6a:0:1203::208:71#53

大家看看是不是被攻擊了呢？我該如何做？