
DNS-server used in DDOS attack

Posted: Fri May 23, 2014 3:40 pm
by mister_v
Hi,

I received a mail from my host provider
that my DNS server is used to attack other sites.

Is my server hacked?
What can I do about it?

Re: DNS-server used in DDOS attack

Posted: Fri May 23, 2014 9:41 pm
by Chris
I think your host provider is referring to a Domain Name Server (DNS) amplification attack.
This does not mean that your server has been hacked.
In short: a Domain Name Server (DNS) amplification attack is a distributed denial of service (DDoS) that uses normal DNS response traffic to overwhelm a victim's server.

More information can be found on this site:
http://www.us-cert.gov/ncas/alerts/TA13-088A

Your DNS server probably needs to reply to DNS requests for your domain or its sub-domains,
like www.yoursite.com, mail.yoursite.com, ...
but not to find the IP address of yahoo.com, for example.

The easiest solution is to disable recursion,
so your server will not try to find the IP address of domains it doesn't know.

Bind9
Add the following to the global options in /var/named/chroot/etc/named.conf

Code:

options {
     allow-query-cache { none; };
     recursion no;
};

Microsoft DNS Server
In the Microsoft DNS console tool:
Right-click the DNS server and click Properties.
Click the Advanced tab.
In Server options, select the Disable recursion check box, and then click OK.

There are other options to limit the (mis)use of your DNS-server.
But this one should stop most of it.

You can test your DNS server with dig:

Code:

dig yoursite.com @ip-of-dns-server
should give you the IP address

Code:

dig yahoo.com @ip-of-dns-server
should respond with a denied request.

Code:

WARNING: recursion requested but not available
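
The two dig checks above can be scripted so the verdict does not depend on reading the output by eye. The script below is an added example and is not code from this thread: `classify_dig_output` reads the header dig prints with `+noall +comments` and reports whether the server refused recursion, offered it (the `ra` flag), or gave a plain authoritative answer; `check_server` runs both queries against a server and prints PASS only when the own zone is answered without `ra` and the foreign name is refused. The server address `192.0.2.53` and the zone names in the usage line are placeholders; the header samples in the comments are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): script the open-resolver check.
# classify_dig_output only parses text and runs offline; check_server needs dig.

# classify_dig_output: read "dig +noall +comments NAME @SERVER" output on stdin
# and print one word:
#   RECURSION_REFUSED    status REFUSED, or dig's "recursion requested but not
#                        available" warning: a locked-down server answering a
#                        foreign name
#   RECURSION_AVAILABLE  the "ra" flag is set: the server offers recursion to
#                        the host running dig, so it can still be abused
#   AUTHORITATIVE_ONLY   "aa" set and "ra" clear: authoritative answer with no
#                        recursion offered (what you want for your own zone)
#   OTHER                anything else (SERVFAIL, timeout, empty output, ...)
# Constructed sample of a refused answer, as dig prints it:
#   ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4321
#   ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
#   ;; WARNING: recursion requested but not available
classify_dig_output() {
    cdo_out=$(cat)
    # "status: NOERROR," / "status: REFUSED," from the HEADER line
    cdo_status=$(printf '%s\n' "$cdo_out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    # "qr aa rd ra" from the ";; flags: ...;" line
    cdo_flags=$(printf '%s\n' "$cdo_out" | sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1)

    if printf '%s\n' "$cdo_out" | grep -q 'recursion requested but not available' \
       || [ "$cdo_status" = "REFUSED" ]; then
        echo RECURSION_REFUSED
        return 0
    fi
    # Padding with spaces makes the patterns match whole flag words only.
    case " $cdo_flags " in
        *" ra "*) echo RECURSION_AVAILABLE ;;
        *" aa "*) echo AUTHORITATIVE_ONLY ;;
        *)        echo OTHER ;;
    esac
}

# check_server NS_IP OWN_NAME FOREIGN_NAME: run the two queries from the
# thread and print PASS when the server answers its own zone without offering
# recursion and refuses the foreign name; FAIL (exit 1) otherwise.
check_server() {
    cs_own=$(dig +noall +comments +time=3 +tries=1 "$2" @"$1" | classify_dig_output)
    cs_foreign=$(dig +noall +comments +time=3 +tries=1 "$3" @"$1" | classify_dig_output)
    echo "own zone ($2): $cs_own"
    echo "foreign name ($3): $cs_foreign"
    if [ "$cs_own" = "AUTHORITATIVE_ONLY" ] && [ "$cs_foreign" = "RECURSION_REFUSED" ]; then
        echo "PASS: $1 does not act as an open resolver for this host"
        return 0
    fi
    echo "FAIL: $1 still offers recursion, or does not answer its own zone"
    return 1
}

# Usage (placeholder addresses and names):
#   sh check_resolver.sh 192.0.2.53 yoursite.com yahoo.com
if [ "$#" -eq 3 ]; then
    check_server "$1" "$2" "$3"
fi
```

Run it from a host outside your own network as well as from inside: BIND only sets the `ra` flag for clients that its `allow-recursion` ACL permits, so a server that looks closed from the LAN can still be open to the internet, and the other way round.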

Re: DNS-server used in DDOS attack

Posted: Wed May 28, 2014 11:21 am
by mister_v
Thanks,

I changed the config file and restarted the named-server