Good morning, everyone,
After building a new VPS (Ubuntu 16), when I checked it, there was a flood of outgoing DNS queries.
This interferes with the DNS queries that are actually needed.
The problem is, I haven't installed anything on this VPS yet.
What could be the cause?
Here is a small part of the tcpdump output:
# tcpdump -nt -i eth0 udp port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
IP 151.63.71.141.63488 > 103.43.44.55.53: 25586+ [1au] ANY? diasp.org. (38)
IP 151.63.71.141.63488 > 103.43.44.55.53: 25586+ [1au] ANY? diasp.org. (38)
IP 151.63.71.141.63488 > 103.43.44.55.53: 25586+ [1au] ANY? diasp.org. (38)
IP 103.43.46.100.53 > 103.23.20.225.60908: 44543 2/0/0 CNAME googleapis.l.google.com., AAAA 2404:6800:4003:c00::5f (98)
IP 103.43.46.100.53 > 103.23.20.225.54617: 58099 3/0/0 CNAME googleapis.l.google.com., A 74.125.24.95, A 74.125.200.95 (102)
IP 180.251.21.171.60975 > 103.43.44.198.53: 32662% [1au] A? www.papuatoday.com. (47)
IP 180.251.21.171.53183 > 103.43.44.198.53: 11758% [1au] A? papuatoday.com. (43)
IP 69.241.83.197.24632 > 103.23.21.201.53: 12779 [1au] AAAA? cms.dailysocial.id. (47)
IP 172.68.85.17.47203 > 103.23.21.201.53: 5875 [1au] AAAA? nS2.GTk.wEb.Id. (43)
IP 173.252.92.221.47768 > 103.23.21.201.53: 43776% [1au] AAAA? lp.managix.id. (42)
IP 103.43.46.100.53 > 103.23.20.242.57944: 13272 2/0/0 CNAME instagram.c10r.facebook.com., AAAA 2a03:2880:f226:c4:face:b00c:0:43fe (101)
IP 103.43.46.100.53 > 103.23.20.242.50186: 49935 2/0/0 CNAME instagram.c10r.facebook.com., A 31.13.78.52 (89)
IP 173.252.92.221.7507 > 103.23.21.201.53: 42851% [1au] A? lp.managix.id. (42)
IP 173.252.92.221.65329 > 103.23.21.201.53: 21819% [1au] AAAA? ns1.domaincloud.id. (47)
IP 173.252.92.221.43171 > 103.23.21.201.53: 20656% [1au] AAAA? ns2.domaincloud.id. (47)
IP 103.43.46.100.53 > 103.23.20.225.56229: 30684 2/0/0 CNAME googleapis.l.google.com., AAAA 2404:6800:4003:c00::5f (98)
IP 103.43.46.100.53 > 103.23.20.225.52889: 41254 3/0/0 CNAME googleapis.l.google.com., A 74.125.24.95, A 74.125.200.95 (102)
IP 69.241.83.197.8290 > 103.23.21.201.53: 14974 [1au] AAAA? ns1.domaincloud.id. (47)
IP 35.227.18.102.28015 > 103.43.44.55.53: 18236+ [1au] ANY? db.org. (35)
IP 35.227.18.102.28015 > 103.23.21.176.53: 64654+ [1au] ANY? jk1l.ru. (36)
IP 35.227.18.102.28015 > 103.43.44.55.53: 57657+ [1au] ANY? db.org. (35)
IP 35.227.18.102.28015 > 103.23.21.176.53: 55718+ [1au] ANY? jk1l.ru. (36)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
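
One way to triage a capture like the one in the post above, as an added example that is not part of the original post: it tallies `tcpdump -nt` lines by whether the host's own address is the source or the destination, and lists queries repeated with the same source port and transaction ID. `LOCAL_IPS` is a placeholder (the post does not give the VPS address) and the `triage` helper is a hypothetical name used for illustration.

```python
import re
from collections import Counter

# Sample input: a few lines taken from the capture above (tcpdump -nt, UDP port 53).
SAMPLE = """\
IP 151.63.71.141.63488 > 103.43.44.55.53: 25586+ [1au] ANY? diasp.org. (38)
IP 151.63.71.141.63488 > 103.43.44.55.53: 25586+ [1au] ANY? diasp.org. (38)
IP 103.43.46.100.53 > 103.23.20.225.60908: 44543 2/0/0 CNAME googleapis.l.google.com., AAAA 2404:6800:4003:c00::5f (98)
IP 180.251.21.171.60975 > 103.43.44.198.53: 32662% [1au] A? www.papuatoday.com. (47)
IP 35.227.18.102.28015 > 103.43.44.55.53: 18236+ [1au] ANY? db.org. (35)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
"""

# Placeholder (assumption): replace with the addresses configured on the host's own interface.
LOCAL_IPS = {"192.0.2.10"}

HEAD = re.compile(r"^IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (\d+)(\S*) (.*)$")
QUERY = re.compile(r"(\S+)\? (\S+) \(\d+\)$")


def triage(text, local_ips):
    """Tally DNS packets by direction relative to local_ips and by question asked."""
    stats = {"from_local": 0, "to_local": 0, "other_hosts": 0, "unparsed": 0}
    questions = Counter()   # (src, dst, qtype, qname) -> packet count
    repeats = Counter()     # (src, sport, txid, qname) -> identical queries seen
    for line in text.splitlines():
        m = HEAD.match(line.strip())
        if not m:
            stats["unparsed"] += 1
            continue
        src, sport, dst, dport, txid, _flags, rest = m.groups()
        if src in local_ips:
            stats["from_local"] += 1      # traffic this host sent
        elif dst in local_ips:
            stats["to_local"] += 1        # traffic addressed to this host
        else:
            stats["other_hosts"] += 1     # neither endpoint is this host
        q = QUERY.search(rest)
        if dport == "53" and q:           # a query, not a response
            qtype, qname = q.group(1), q.group(2).lower()
            questions[(src, dst, qtype, qname)] += 1
            repeats[(src, sport, txid, qname)] += 1
    stats["questions"] = questions
    stats["repeated"] = {k: n for k, n in repeats.items() if n > 1}
    return stats
```

Feed it the full capture text and the host's real addresses; the `from_local` count is the number of packets the host itself sent.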