-1

I have a domain that was attacked, flooding the server's Apache system.

The only way to detour the attack is to reroute the DNS off the server.

Is there a generic IP like "127.0.0.1" that I can use to send all traffic away from the server?

I just want any connections to the domain to be routed off the server. I would route it to Google but they might not like that.

  • 1
    Can you be a little more specific? By domain you mean what, a specific website? Because a DNS domain is a collection of various (types of) records – Dan Feb 04 '15 at 16:47
  • 1
    What does Apache have to do with DNS zones? – user Feb 04 '15 at 16:50
  • I'm assuming by `domain` you mean web site and that you want to divert all traffic away from the web site/web server. If so, why not just remove the relevant RR records from the zone? – joeqwerty Feb 04 '15 at 16:56
  • BTW, putting an Nginx proxy in front of your Apache and turning off Apache keepalive will also mitigate matters (as in a high load; a true DDOS is still a problem). If your static content is served from a subdir of your website, you can have nginx serve that as well. It saves a lot of expensive Apache threads. – Halfgaar Feb 04 '15 at 17:16

2 Answers

1

Pointing the A record to the IP of 127.0.0.1 will definitely do what you want, yup.

drookie
  • Um, no, it won't. The DNS traffic will still arrive at the OP's name servers. – user Feb 04 '15 at 16:52
  • 4
    From the question, I assumed the DNS server is not the problem. It's the webserver the records point at. Then yes, pointing to 127.0.0.1 would work. However, a lot of (D)DOS attacks also attack by IP. You can look at your webserver logs to see if that's the case (which virtual host is getting the hits). – Halfgaar Feb 04 '15 at 17:14
  • Yep, the DNS was null routed with 127.0.0.1 but they are still hitting the IP. I added some security though that keeps them at bay until they get a life. Thanks! – Charles Yarbrough Feb 05 '15 at 19:26
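
The log check suggested in the comments above (which virtual host is getting the hits), as an added example that is not part of the original thread. It assumes an Apache access log whose lines start with `%v:%p` (the layout commonly named `vhost_combined`); the catch-all vhost name and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Log layout assumed: %v:%p %h %l %u %t "%r" %>s ...
# %v is the ServerName of the virtual host that served the request.
LINE_RE = re.compile(
    r'^(?P<vhost>\S+):\d+ (?P<client>\S+) \S+ \S+ '
    r'\[[^\]]+\] "(?:[^"\\]|\\.)*" (?P<status>\d{3}) '
)

# Assumption: ServerName of the catch-all vhost that answers requests whose
# Host header matches no configured site, e.g. requests sent to the bare IP.
CATCH_ALL = "catchall.example.invalid"

# Constructed sample lines (documentation addresses, example names).
SAMPLE_LOG = r'''www.example.com:80 198.51.100.7 - - [04/Feb/2015:16:40:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
www.example.com:80 198.51.100.9 - - [04/Feb/2015:16:40:02 +0000] "GET /a\"b HTTP/1.1" 404 310 "-" "Mozilla/5.0"
catchall.example.invalid:80 203.0.113.5 - - [04/Feb/2015:16:40:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"
catchall.example.invalid:80 203.0.113.5 - - [04/Feb/2015:16:40:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"
catchall.example.invalid:80 203.0.113.6 - - [04/Feb/2015:16:40:03 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"
catchall.example.invalid:80 203.0.113.5 - - [04/Feb/2015:16:40:03 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"
truncated line without the expected fields
'''

def summarize(lines):
    """Count hits per vhost and per (vhost, client); count unparsable lines."""
    per_vhost, per_client, skipped = Counter(), Counter(), 0
    for line in lines:
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1  # kept visible so a log-format mismatch is noticed
            continue
        per_vhost[m["vhost"]] += 1
        per_client[(m["vhost"], m["client"])] += 1
    return per_vhost, per_client, skipped

def share_by_ip(per_vhost, catch_all=CATCH_ALL):
    """Fraction of parsed requests that landed on the catch-all vhost."""
    total = sum(per_vhost.values())
    return per_vhost[catch_all] / total if total else 0.0

if __name__ == "__main__":
    vhosts, clients, skipped = summarize(SAMPLE_LOG.splitlines())
    for name, hits in vhosts.most_common():
        print(f"{hits:6d}  {name}")
    print(f"catch-all share: {share_by_ip(vhosts):.0%}, unparsed: {skipped}")
```

A high share on the catch-all vhost means the traffic is addressed to the IP rather than the name, so changing the A record alone will not move it.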
0

If you want to do something similar to "null routing" a DNS zone, just remove the parent zone delegation records for it. Then, no resolver will find its way to your DNS server through the DNS system.

Of course, nobody will be able to resolve any names within that zone. That's the price you pay for stopping resolution of a zone.

user