Newly activated VPS is already being "flooded" with outgoing DNS queries


Status
Not open for further replies.

arissety

Apprentice 1.0
Good morning, friends,

After building a new VPS (OS Ubuntu 16), when I checked it, there was a flood of outgoing DNS queries.
This interferes with the DNS queries that are actually needed.
The problem is, I haven't installed anything on this VPS yet.
What might be the cause?

Here is a small part of the tcpdump output:

# tcpdump -nt -i eth0 udp port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
IP 151.63.71.141.63488 > 103.43.44.55.53: 25586+ [1au] ANY? diasp.org. (38)
IP 151.63.71.141.63488 > 103.43.44.55.53: 25586+ [1au] ANY? diasp.org. (38)
IP 151.63.71.141.63488 > 103.43.44.55.53: 25586+ [1au] ANY? diasp.org. (38)
IP 103.43.46.100.53 > 103.23.20.225.60908: 44543 2/0/0 CNAME googleapis.l.google.com., AAAA 2404:6800:4003:c00::5f (98)
IP 103.43.46.100.53 > 103.23.20.225.54617: 58099 3/0/0 CNAME googleapis.l.google.com., A 74.125.24.95, A 74.125.200.95 (102)
IP 180.251.21.171.60975 > 103.43.44.198.53: 32662% [1au] A? www.papuatoday.com. (47)
IP 180.251.21.171.53183 > 103.43.44.198.53: 11758% [1au] A? papuatoday.com. (43)
IP 69.241.83.197.24632 > 103.23.21.201.53: 12779 [1au] AAAA? cms.dailysocial.id. (47)
IP 172.68.85.17.47203 > 103.23.21.201.53: 5875 [1au] AAAA? nS2.GTk.wEb.Id. (43)
IP 173.252.92.221.47768 > 103.23.21.201.53: 43776% [1au] AAAA? lp.managix.id. (42)
IP 103.43.46.100.53 > 103.23.20.242.57944: 13272 2/0/0 CNAME instagram.c10r.facebook.com., AAAA 2a03:2880:f226:c4:face:b00c:0:43fe (101)
IP 103.43.46.100.53 > 103.23.20.242.50186: 49935 2/0/0 CNAME instagram.c10r.facebook.com., A 31.13.78.52 (89)
IP 173.252.92.221.7507 > 103.23.21.201.53: 42851% [1au] A? lp.managix.id. (42)
IP 173.252.92.221.65329 > 103.23.21.201.53: 21819% [1au] AAAA? ns1.domaincloud.id. (47)
IP 173.252.92.221.43171 > 103.23.21.201.53: 20656% [1au] AAAA? ns2.domaincloud.id. (47)
IP 103.43.46.100.53 > 103.23.20.225.56229: 30684 2/0/0 CNAME googleapis.l.google.com., AAAA 2404:6800:4003:c00::5f (98)
IP 103.43.46.100.53 > 103.23.20.225.52889: 41254 3/0/0 CNAME googleapis.l.google.com., A 74.125.24.95, A 74.125.200.95 (102)
IP 69.241.83.197.8290 > 103.23.21.201.53: 14974 [1au] AAAA? ns1.domaincloud.id. (47)
IP 35.227.18.102.28015 > 103.43.44.55.53: 18236+ [1au] ANY? db.org. (35)
IP 35.227.18.102.28015 > 103.23.21.176.53: 64654+ [1au] ANY? jk1l.ru. (36)
IP 35.227.18.102.28015 > 103.43.44.55.53: 57657+ [1au] ANY? db.org. (35)
IP 35.227.18.102.28015 > 103.23.21.176.53: 55718+ [1au] ANY? jk1l.ru. (36)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
IP 67.169.139.58.53970 > 103.43.44.55.53: 12036+ [1au] ANY? diasp.org. (38)
 

arissety

Apprentice 1.0
In addition, here is the output of top -c:

Tasks: 17 total, 1 running, 16 sleeping, 0 stopped, 0 zombie
%Cpu(s): 0.5 us, 0.0 sy, 0.0 ni, 99.5 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 2097152 total, 1897800 free, 10596 used, 188756 buff/cache
KiB Swap: 2097152 total, 2097124 free, 28 used. 0 avail Mem

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
57 root 20 0 35268 5932 5636 S 0.0 0.3 0:18.06 /lib/systemd/systemd-journald
436 root 20 0 93012 3208 2284 S 0.0 0.2 0:00.08 sshd: root@pts/0
1 root 20 0 37136 3180 2000 S 0.0 0.2 0:01.99 init -z
324 root 20 0 65512 2572 1848 S 0.0 0.1 0:06.83 /usr/sbin/sshd -D
24236 root 20 0 36680 1776 1276 R 0.0 0.1 0:00.00 top -c
445 root 20 0 18248 1672 1176 S 0.0 0.1 0:00.02 -bash
132 syslog 20 0 180584 1656 1000 S 0.0 0.1 0:03.64 /usr/sbin/rsyslogd -n
131 root 20 0 47620 1472 992 S 0.0 0.1 0:00.19 /sbin/rpcbind -f -w
67 root 20 0 41680 1356 896 S 0.0 0.1 0:00.13 /lib/systemd/systemd-udevd
244 root 20 0 89708 1212 256 S 0.0 0.1 0:00.00 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 2
134 root 20 0 26060 1120 880 S 0.0 0.1 0:00.16 /usr/sbin/cron -f
246 root 20 0 89708 956 0 S 0.0 0.0 0:00.00 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 2
243 root 20 0 15048 780 592 S 0.0 0.0 0:00.00 /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
380 root 20 0 12836 740 600 S 0.0 0.0 0:00.00 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 vt220
381 root 20 0 12836 728 592 S 0.0 0.0 0:00.00 /sbin/agetty --noclear tty2 linux
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 [kthreadd/a00f25]
3 root 20 0 0 0 0 S 0.0 0.0 0:00.00 [khelper]
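
A triage sketch for a `tcpdump -nt` DNS capture like the one in the first post, added here as an example and not part of the original thread: it tallies each packet's direction relative to the host's own addresses, the query types seen, and the most repeated (source, name) pair. The thread does not state the VPS's address, so `192.0.2.10` is a placeholder; the last sample line is constructed, the others are copied from the capture.

```python
import re
from collections import Counter

# Matches `tcpdump -nt` IPv4/UDP lines: "IP src.port > dst.port: payload"
LINE = re.compile(r"^IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): (.*)$")
QUERY = re.compile(r"\b([A-Z0-9]+)\? (\S+)")  # e.g. "ANY? diasp.org."

LOCAL_IPS = {"192.0.2.10"}  # placeholder: replace with the host's real address(es)

SAMPLE = [
    "IP 151.63.71.141.63488 > 103.43.44.55.53: 25586+ [1au] ANY? diasp.org. (38)",
    "IP 151.63.71.141.63488 > 103.43.44.55.53: 25586+ [1au] ANY? diasp.org. (38)",
    "IP 103.43.46.100.53 > 103.23.20.225.60908: 44543 2/0/0 CNAME "
    "googleapis.l.google.com., AAAA 2404:6800:4003:c00::5f (98)",
    "IP 180.251.21.171.60975 > 103.43.44.198.53: 32662% [1au] A? www.papuatoday.com. (47)",
    "IP 35.227.18.102.28015 > 103.43.44.55.53: 18236+ [1au] ANY? db.org. (35)",
    # Constructed line: a query sent by the placeholder host itself.
    "IP 192.0.2.10.40000 > 192.0.2.53.53: 4242+ A? example.com. (29)",
]

def triage(lines, local_ips):
    """Classify captured DNS packets relative to this host's own addresses."""
    local = set(local_ips)
    direction, qtypes, repeats = Counter(), Counter(), Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip tcpdump banner lines and anything unparsable
        src, _sport, dst, dport, payload = m.groups()
        if src in local:
            direction["outgoing"] += 1
        elif dst in local:
            direction["incoming"] += 1
        else:
            direction["foreign"] += 1  # neither endpoint is this host
        q = QUERY.search(payload)
        if q and dport == "53":  # count queries only, not responses
            qtypes[q.group(1)] += 1
            # Lower-case the name so mixed-case queries group together.
            repeats[(src, q.group(2).lower())] += 1
    return {"direction": dict(direction), "qtypes": dict(qtypes),
            "top_repeat": repeats.most_common(1)}

if __name__ == "__main__":
    print(triage(SAMPLE, LOCAL_IPS))
```

A large "foreign" count means the interface is showing packets in which this host is neither source nor destination, which is worth establishing before searching the host itself for a process generating the queries.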
 