Dns Error Sending Response Host Unreachable
Server Fault question: bind9 "error sending response: host unreachable"

I have a number of DNS servers, all running bind9 (9.5.1, to be specific) under Fedora. 4 of them are slaves, fed by a common master for our public DNS. These are all located on the public gateways of our various offices. One of them has tons of messages in its log files similar to these:

Jul 21 17:26:18 gateway named[3487]: client 10.171.3.8#52500: view internal: error sending response: host unreachable

I wonder where that comes from. The firewall is open on port 53 between the two machines (10.171.3.8 is an internal DNS server located on a Windows Domain Controller). The internal domains do NOT list the gateway as a name server (so there should not be any attempts at replicating the domains), and the gateway does not handle any internal DNS. The clients in these messages vary between the two domain controllers on the internal network and a third internal name server (running bind9 on Debian in a different segment of the network). Any pointers are highly welcome.

In response to the first reply: the issue with this really is that tcpdump doesn't show any problems. Here is an extract from "tcpdump -i any port 53":

09:13:38.283308 IP valine.aminocom.com.61815 > ns-pri.ripe.net.domain: 14075 PTR? 166.225.58.95.in-addr.arpa. (44)
09:13:42.007410 IP gateway-eng.aminocom.com.37047 > alanine.aminocom.com.domain: 35410+ PTR? 12.3.172.10.in-addr.arpa. (42)

At th
Blog post, March 10, 2009

I was shocked when I saw /var/log/messages filled with a large number of entries like "server named[15166]: client [xxxx.xxx]#975: error sending response: host unreachable". I was running my own BIND DNS server, and initially I thought this had something to do with DoS attacks. There were hundreds of these entries per day, originating from a few IPs, and I was very suspicious about it. I checked my firewall rules and port 53 was open for both UDP and TCP, so no problem there. After a long search I found what actually caused this in a CERT article. The reason was that somebody was flooding the server with DNS packets carrying spoofed source IPs, commonly known as a 'reflection attack', where the attacker spoofs DNS requests with forged IPs. This happens with bind 8.x or prior versions. To fix this, add this one line in your /etc/named.conf within options:
options {
    ...
    use-id-pool yes;
    ...
};
Also, I would recommend hardening your DNS server by disabling zone transfers and notifications and hiding the BIND version. Follow this article on DNS server hardening. Hope this helps!
my logs:

May 12 03:03:36 toiler named[89425]: client 10.55.0.117#62049: error sending response: host unreachable
May 12 03:03:51 toiler named[89425]: client 10.55.0.117#57916: error sending response: host unreachable
May 12 03:03:58 toiler named[89425]: client 10.55.0.117#57916: error sending response: host unreachable
May 12 03:04:14 toiler named[89425]: client 10.55.0.117#33183: error sending response: host unreachable
May 12 03:04:21 toiler named[89425]: client 10.55.0.117#33183: error sending response: host unreachable
May 12 03:04:36 toiler named[89425]: client 10.55.0.117#32906: error sending response: host unreachable
May 12 03:04:43 toiler named[89425]: client 10.55.0.117#32906: error sending response: host unreachable
May 12 03:04:58 toiler named[89425]: client 10.55.0.117#23841: error sending response: host unreachable
May 12 03:05:05 toiler named[89425]: client 10.55.0.117#23841: error sending response: host unreachable
May 12 03:05:20 toiler named[89425]: client 10.55.0.117#41946: error sending response: host unreachable
May 12 03:05:27 toiler named[89425]: client 10.55.0.117#41946: error sending response: host unreachable
May 12 03:05:43 toiler named[89425]: client 10.55.0.117#35243: error sending response: host unreachable
May 12 03:05:50 toiler named[89425]: client 10.55.0.117#35243: error sending response: host unreachable
May 12 03:06:05 toiler named[89425]: client 10.55.0.117#47116: error sending response: host unreachable
May 12 03:06:12 toiler named[89425]: client 10.55.0.117#47116: error sending response: host unreachable
May 12 03:06:27 toiler named[89425]: client 10.55.0.117#64226: error sending response: host unreachable
May 12 03:06:34 toiler named[89425]: client 10.55.0.117#64226: error sending response: host unreachable
May 12 03:06:49 toi
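The posts above all end up staring at the same named log line, so here is an added example (not code from any of the quoted authors) that parses lines in that exact format, including the optional "view <name>:" field from the Server Fault question, and reports clients that produced a burst of "host unreachable" errors, so a single noisy or spoofed source stands out before you start checking firewall rules. The sample log lines are constructed from the entries quoted on this page, and the burst thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the named log format quoted on this page; the "view <name>:" part is optional.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ named\[\d+\]: "
    r"client (?P<ip>\d{1,3}(?:\.\d{1,3}){3})#(?P<port>\d+): "
    r"(?:view \S+: )?error sending response: host unreachable$"
)

def parse_line(line, year=2014):
    """Return (timestamp, client_ip, source_port), or None for any other log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # syslog lines carry no year
    return ts, m["ip"], int(m["port"])

def summarize(lines, year=2014):
    """Per client: number of errors, distinct source ports seen, and time span in seconds."""
    stats = defaultdict(lambda: {"count": 0, "ports": set(), "first": None, "last": None})
    for line in lines:
        parsed = parse_line(line, year)
        if parsed is None:
            continue
        ts, ip, port = parsed
        s = stats[ip]
        s["count"] += 1
        s["ports"].add(port)
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
    return {ip: {"count": s["count"], "ports": len(s["ports"]),
                 "span_s": (s["last"] - s["first"]).total_seconds()}
            for ip, s in stats.items()}

def noisy_clients(summary, min_count=5, max_span_s=300):
    """Clients with at least min_count errors inside max_span_s seconds (thresholds are assumed)."""
    return sorted(ip for ip, s in summary.items()
                  if s["count"] >= min_count and s["span_s"] <= max_span_s)

# Constructed sample modelled on the entries quoted on this page; not a real capture.
SAMPLE_LOG = """\
May 12 03:03:36 toiler named[89425]: client 10.55.0.117#62049: error sending response: host unreachable
May 12 03:03:51 toiler named[89425]: client 10.55.0.117#57916: error sending response: host unreachable
May 12 03:03:58 toiler named[89425]: client 10.55.0.117#57916: error sending response: host unreachable
May 12 03:04:14 toiler named[89425]: client 10.55.0.117#33183: error sending response: host unreachable
May 12 03:04:21 toiler named[89425]: client 10.55.0.117#33183: error sending response: host unreachable
May 12 03:04:36 toiler named[89425]: client 10.55.0.117#32906: error sending response: host unreachable
May 12 03:05:00 toiler named[89425]: client 10.171.3.8#52500: view internal: error sending response: host unreachable
May 12 03:05:02 toiler named[89425]: zone example.com/IN: loaded serial 2014051201
"""

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG.splitlines())
    for ip in noisy_clients(summary):
        print(ip, summary[ip])
```

Run it against a real /var/log/messages with the right year argument; a client that shows up with many errors, few ports and a short span is the one to trace on the wire first.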