So, at the hoster, when the foreign traffic exceeds the Russian traffic, the counter turns on and it starts to charge money for the traffic. The problem is that my DNS got mad at the server and started sending and receiving data from different parts of the world winding up foreign traffic at 15Gb per day. I conjured with named.conf and I managed to reduce traffic to 5-7Gb. Here is the config file:

controls { inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndc-key"; };};logging { channel "log_default" { file "/var/log/named.log" versions 10 size 10m; severity info; print-time yes; print-severity yes; print-category yes; }; channel "log_security" { file "/var/log/named-security.log" versions 5 size 10m; severity info; print-time yes; print-severity yes; print-category yes; }; channel "null" { null; }; category "default" { "log_default"; }; category "security" { "log_security"; }; category "unmatched" { "null"; };};//acl trusted {// 127.0.0.1;//};options { //allow-recursion { // trusted; //}; //allow-query { // 127.0.0.1; // 217.16.0.0/24; //}; //allow-recursion { // any; //}; allow-query { 127.0.0.1; }; allow-recursion { 127.0.0.1; }; allow-transfer { 127.0.0.1; }; recursion no; dump-file "/var/log/named_dump.db"; statistics-file "/var/log/named.stats"; directory "/var"; //auth-nxdomain no; pid-file "/var/run/named/named.pid";};key "rndc-key" { algorithm hmac-md5; secret "CeMgS23y0oWE20nyv0x40Q==";};controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };};zone "." { type hint; file "named.root";};zone "0.0.127.IN-ADDR.ARPA" { type master; file "localhost.rev";};zone "25.200.82.in-addr.arpa" { type master; file "25.200.82.in-addr.arpa"; allow-transfer { common-allow-transfer; };};

Domains did not specify, since it does not matter. The whole thing is complicated by the fact that the server is fedora 4 and the campaign is so old that it is almost impossible to download software for it, at least from the repository. Tell me what to do? I was told that the problem may be in recursion, but I turned it off, so most likely the traffic has decreased, but it is still too high. How to check if the recursion actually turned off?

  • If there is a tcpdump, put it for a couple of hours, save the output to a file. Sort by ip addresses, at least you will understand what from where and where. - pyatak
  • I have been monitoring the main traffic for 2 days on srv-u41.antiddos.biz ns3038.hostgator.com stats.windflower.arvixe.com subdomains change sometimes ... - greshnik
  • I can't close them for some reason! - greshnik
  • Is it from your server requests go to these hosts or vice versa? - pyatak
  • I understand that first, a request comes to the server from them, and then, for some reason, outgoing traffic from the server comes in at times more incoming ... - greshnik

1 answer 1

http://www.xakep.ru/post/59335/ Maybe there is a similar situation described here?