Help with regex for dns/named scans protection

1 post Page 1 of 1
jmginer
Junior Member
Posts: 7
Joined: 18 Feb 2015, 20:46


Hello, we are receiving a very high number of DNS requests from domains that we are not hosting.
This is producing a high load on the server and a rapid increase in disk usage due to the writing of the logs.
Can you help me to create the regex in order to protect?
Thank you.

Code:
Jun 30 14:05:20 ns2 named[757]: client 47.89.70.22#58397: view external: query (cache) 'userpic.api.max.mgtv.com/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 213.244.178.150#48548: view external: query (cache) 'am.xinhua.io/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 188.254.86.199#49601: view external: query (cache) 'bl.clientdown.sdo.com/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 195.27.31.72#55054: view external: query (cache) 'm0-img.bybutter.com/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 80.231.126.199#65229: view external: query (cache) 'as.xinhua.io/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 195.59.70.199#25634: view external: query (cache) 'webv.chuangcache.com.b.aocde.com/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 213.244.178.150#22559: view external: query (cache) 'files.edu-edu.com/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 47.89.70.22#62230: view external: query (cache) 'aliqncdn.miaopai.com/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 188.254.86.199#16483: view external: query (cache) 'static-mall.health.ikang.com/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 195.27.31.72#41712: view external: query (cache) 'c3.xinstatic.com/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 80.231.126.199#25761: view external: query (cache) 'eu.xinhua.io/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 195.59.70.199#32412: view external: query (cache) 'activity-static.dongqiudi.com/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 213.244.178.150#62405: view external: query (cache) 'trace2.codingsky.net/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 47.89.70.22#47680: view external: query (cache) 'am.xinhua.io/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 188.254.86.199#47461: view external: query (cache) 'photo.no5.com.cn/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 195.27.31.72#24058: view external: query (cache) 'css10-itzcdn-com.alikunlun.com/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 80.231.126.199#38527: view external: query (cache) 'ottvideoyf.hifuntv.com/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 195.59.70.199#42510: view external: query (cache) 'as.xinhua.io.w.kunlunsl.com/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 47.89.70.22#19845: view external: query (cache) 'files.edu-edu.com/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 213.244.178.150#65212: view external: query (cache) 'v3-xg.ixigua.com/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 188.254.86.199#61797: view external: query (cache) 'jx3v4bycs-miniclient.dl.kingsoft.com/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 195.27.31.72#38339: view external: query (cache) 'alicdnkk.miaopai.com/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 80.231.126.199#41969: view external: query (cache) 'www.qzwb.com/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 195.59.70.199#32284: view external: query (cache) 'upload.gfan.net.cn/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 47.89.70.22#54490: view external: query (cache) 'trace2.codingsky.net/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 213.244.178.150#30431: view external: query (cache) 'a.tjkximg.com/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 188.254.86.199#55763: view external: query (cache) 's1.cdn.vcinema.com.cn/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 173.194.169.102#40466: view external: query (cache) 'tacticfootball.com/AAAA/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 80.231.126.199#53721: view external: query (cache) 'userpic.api.max.mgtv.com/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 195.27.31.72#56293: view external: query (cache) 'alioscdn.miaopai.com/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 172.217.41.6#52619: view external: query (cache) 'tacticfootball.com/AAAA/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 195.59.70.199#30241: view external: query (cache) 'img.bbvod.net/A/IN' denied
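
A pattern for the log format posted above, as an added example that is not part of the original post: Python that pulls the client address and queried name out of each `query (cache) ... denied` line and counts hits per client. The sample lines are copied from the post except the last, which is constructed; the threshold value and the allowance for other BIND line layouts are assumptions.

```python
import re
from collections import defaultdict

# Matches named "query (cache) '<name>/<type>/<class>' denied" lines as posted.
# The optional "@0x..." and "(<name>)" parts allow for the layout newer BIND
# releases log, and the view part is optional; both go beyond the post's sample.
DENIED_RE = re.compile(
    r"named\[\d+\]: client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+)"
    r"(?: \([^)]*\))?: (?:view (?P<view>\S+): )?"
    r"query \(cache\) '(?P<qname>[^/']+)/(?P<qtype>[A-Z0-9]+)/(?P<qclass>[A-Z]+)' denied"
)

def parse_denied(line):
    """Return the fields of a denied cache query, or None for any other line."""
    m = DENIED_RE.search(line)
    return m.groupdict() if m else None

def offenders(lines, threshold):
    """Map each client IP with >= threshold denials to its hit count and names."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_denied(line)
        if rec:
            hits[rec["ip"]].append(rec["qname"])
    return {
        ip: {"hits": len(names), "names": sorted(set(names))}
        for ip, names in hits.items()
        if len(names) >= threshold
    }

# First five lines are from the post; the last is a constructed ordinary
# query-log line that must not match.
SAMPLE = """\
Jun 30 14:05:20 ns2 named[757]: client 47.89.70.22#58397: view external: query (cache) 'userpic.api.max.mgtv.com/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 213.244.178.150#48548: view external: query (cache) 'am.xinhua.io/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 47.89.70.22#62230: view external: query (cache) 'aliqncdn.miaopai.com/A/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 173.194.169.102#40466: view external: query (cache) 'tacticfootball.com/AAAA/IN' denied
Jun 30 14:05:20 ns2 named[757]: client 47.89.70.22#47680: view external: query (cache) 'am.xinhua.io/A/IN' denied
Jun 30 14:05:21 ns2 named[757]: client 192.0.2.10#5353: view external: query: example.org IN A + (192.0.2.1)
""".splitlines()

if __name__ == "__main__":
    # Threshold of 3 is an arbitrary value for this small sample.
    for ip, info in offenders(SAMPLE, threshold=3).items():
        print(ip, info["hits"], ", ".join(info["names"]))
```

These denials are typically for UDP queries, whose source address can be forged, so a flagged address is a candidate for rate limiting or review rather than proof of who sent the traffic.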