{"id":33217,"date":"2020-05-05T18:23:00","date_gmt":"2020-05-05T15:23:00","guid":{"rendered":"https:\/\/www.natro.com\/blog\/?p=33217"},"modified":"2022-04-12T18:28:32","modified_gmt":"2022-04-12T15:28:32","slug":"dns-amplification-saldirisindan-korunma-dns-recursion-update","status":"publish","type":"post","link":"https:\/\/www.natro.com\/blog\/dns-amplification-saldirisindan-korunma-dns-recursion-update\/","title":{"rendered":"DNS Amplification Sald\u0131r\u0131s\u0131ndan Korunma: DNS Recursion Update"},"content":{"rendered":"\n

DNS Amplification<\/strong> bir t\u00fcr DDoS sald\u0131r\u0131s\u0131d\u0131r. Bu sald\u0131r\u0131n\u0131n amac\u0131, kullan\u0131c\u0131lar\u0131n a\u011f \u00fczerinde bulunan sistemlere eri\u015fimini yava\u015flatarak bir web sitesine veya uygulamaya eri\u015fim sa\u011flamalar\u0131n\u0131 engellemektir.<\/p>\n\n\n\n

Bu sald\u0131r\u0131dan korunmak i\u00e7in cPanel<\/strong>, Plesk<\/strong>, Ubuntu <\/strong>ve Windows Server<\/strong> kullanan sunucular\u0131n\u0131z i\u00e7in yapabilece\u011finiz DNS Recursion Update <\/strong>i\u015fleminden bahsedece\u011fiz.<\/p>\n\n\n\n

1- cPanel \u2013 Sunucu Ayarlar\u0131<\/strong><\/span><\/h2>\n\n\n\n

SSH ba\u011flant\u0131s\u0131 sa\u011flad\u0131ktan sonra a\u015fa\u011f\u0131daki komut ile DNS Recursion mevcut ayarlar\u0131n\u0131 g\u00f6r\u00fcnt\u00fclemi\u015f olaca\u011f\u0131z.<\/p>\n\n\n\n

cat \/etc\/named.conf | grep \u201crecursion\u201d<\/p><\/blockquote>\n\n\n\n

\"\"
DNS Recursion<\/figcaption><\/figure><\/div>\n\n\n\n

Dikkat etmemiz gerek konu burada d\u0131\u015far\u0131ya do\u011fru dns recursion i\u015fleminin a\u00e7\u0131k olup olmad\u0131\u011f\u0131n\u0131 kontrol etmektir. Bunun i\u00e7in a\u015fa\u011f\u0131daki komut ile ilgili dosya i\u00e7eri\u011fine eri\u015fim sa\u011flay\u0131p CTRL + W ile \u201cexterna<\/strong>l\u201d kelimesini aratal\u0131m.<\/p>\n\n\n\n

\u201cnano kurulu de\u011fil ise Centos<\/strong> i\u00e7in \u201cyum install nano\u201d Ubuntu<\/strong> i\u00e7in \u201capt install nano\u201d kullanabilirsiniz.\u201d<\/p>\n\n\n\n

Nano \/etc\/named.conf<\/p><\/blockquote>\n\n\n\n

\"\"
DNS Recursion<\/figcaption><\/figure><\/div>\n\n\n\n

Burada g\u00f6r\u00fclece\u011fi \u00fczere \u201cexternal<\/strong>\u201d b\u00f6l\u00fcm\u00fcnde recursion \u201cyes<\/strong>\u201d g\u00f6r\u00fclmekte bunu \u201cno<\/strong>\u201d olarak g\u00fcncelledikten sonra CTRL + X<\/strong> ile kaydedip \u00e7\u0131k\u0131\u015f yap\u0131yoruz. Bu i\u015flemden sonra yapmam\u0131z gereken tek i\u015flem dns servisini yeniden ba\u015flatmak olacakt\u0131r. A\u015fa\u011f\u0131daki komut ile servisi yeniden ba\u015flatabiliriz.<\/p>\n\n\n\n

service named restart<\/p><\/blockquote>\n\n\n\n

\"\"<\/figure>\n\n\n\n

2- Plesk \u2013 Sunucu Ayarlar\u0131<\/strong><\/span><\/h2>\n\n\n\n

Plesk \u00fczerinde dns recursion i\u015flemini kontrol etmek ve iptal etmek i\u00e7in a\u015fa\u011f\u0131daki ad\u0131mlar\u0131 izlememiz gerekiyor. \u00d6ncelikle ipadresiniz:8443<\/strong> olarak Plesk panelinize en y\u00fcksek yetki ile giri\u015f yap\u0131n\u0131z.<\/p>\n\n\n\n

Ipadresiniz: 8443\/admin\/server\/tools?context=tools<\/p><\/blockquote>\n\n\n\n

Giri\u015f sa\u011flad\u0131ktan sonra sol tarafta bulunan Ara\u00e7lar ve Ayarlar sekmesi i\u00e7erisindeki DNS \u015eablonu se\u00e7ene\u011fini se\u00e7ece\u011fiz.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

DNS RecursionDNS \u015eablonu i\u00e7erisinde DNS \u00d6nyinelemesi (recursion) sekmesine ge\u00e7i\u015f sa\u011flayal\u0131m.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

\u0130lgili sekme i\u00e7erisinden Yaln\u0131zca yerel isteklere izin ver se\u00e7ene\u011fini se\u00e7ip ata butonu ile i\u015flemi kay\u0131t edelim.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Plesk panel kullan\u0131c\u0131lar\u0131 SSH ba\u011flant\u0131s\u0131 sa\u011flamadan panel \u00fczerinden bu i\u015flemi kolayl\u0131kla ger\u00e7ekle\u015ftirebilirler.<\/p>\n\n\n\n

3- Ubuntu \u2013 Sunucu Ayarlar\u0131<\/strong><\/span><\/h2>\n\n\n\n

Ubuntu i\u015fletim sistemine sahip bir sunucu kullan\u0131yorsan\u0131z terminal ekran\u0131na a\u015fa\u011f\u0131daki komutu yap\u0131\u015ft\u0131rman\u0131z yeterli.<\/p>\n\n\n\n

perl -pi -e \u2018s\/recursion yes\/recursion no\/g\u2019 \/etc\/bind\/named.conf;service bind9 restart<\/p><\/blockquote>\n\n\n\n

4- Windows Server 2012 ve \u00dczeri Sunucu Ayarlar\u0131<\/strong><\/span><\/h2>\n\n\n\n

Ba\u015flat \u00fczerinden arama b\u00f6l\u00fcm\u00fcne Powershell yazarak ilgili ekranda \u00e7\u0131kan Powershell arac\u0131n\u0131 \u00e7al\u0131\u015ft\u0131ral\u0131m.<\/p>\n\n\n\n

\"\"
DNS Recursion<\/figcaption><\/figure><\/div>\n\n\n\n

\u0130lgili araca eri\u015fim sa\u011flad\u0131ktan sonra a\u015fa\u011f\u0131da yer alan komutu sat\u0131ra yap\u0131\u015ft\u0131r\u0131p uygulayal\u0131m.<\/p>\n\n\n\n

Set-DnsServerRecursion -Enable 0<\/p><\/blockquote>\n\n\n\n

\"\"
DNS Recursion<\/figcaption><\/figure><\/div>\n\n\n\n

\u0130lgili komutu uygulad\u0131ktan sonra \u00e7\u0131kt\u0131m\u0131z a\u015fa\u011f\u0131daki \u015fekilde bo\u015f olacakt\u0131r.<\/p>\n\n\n\n

\"\"
DNS Recursion<\/figcaption><\/figure><\/div>\n\n\n\n

5- Windows Server 2003 ve 2008 \u2013 Sunucu Ayarlar\u0131<\/strong><\/span><\/h2>\n\n\n\n

Ba\u015flat -> \u00c7al\u0131\u015ft\u0131r -> CMD<\/strong> veya arama b\u00f6l\u00fcm\u00fcne cmd yaz\u0131p y\u00f6netici olarak \u00e7al\u0131\u015ft\u0131rabilirsiniz. CMD<\/strong> ekran\u0131na eri\u015fim sa\u011flad\u0131ktan sonra a\u015fa\u011f\u0131daki komutu i\u015fleyebilirsiniz.<\/p>\n\n\n\n

Dnscmd \/Config \/NoRecursion 1<\/p><\/blockquote>\n\n\n\n

veya alternatif ad\u0131mlar\u0131 inceleyebilirsiniz.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Windows sunucumuza ba\u011flant\u0131 sa\u011flad\u0131ktan sonra arama b\u00f6l\u00fcm\u00fcne DNS yazarak ilgili servise giri\u015f yapal\u0131m.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Servis ekran\u0131 a\u00e7\u0131ld\u0131ktan sonra makine ad\u0131n\u0131z\u0131n yazd\u0131\u011f\u0131 kutucu\u011fa sa\u011f t\u0131klay\u0131p \u00f6zellikler se\u00e7ene\u011fi ile detaylar\u0131na giri\u015f yapal\u0131m.<\/p>\n\n\n\n

\"\"
DNS Recursion<\/figcaption><\/figure><\/div>\n\n\n\n

Detaylara giri\u015f sa\u011flad\u0131ktan sonra Advanced<\/strong> sekmesine ge\u00e7i\u015f yapal\u0131m.<\/p>\n\n\n\n

\"\"
DNS Recursion<\/figcaption><\/figure><\/div>\n\n\n\n

\u0130lgili sekmede DNS Recursion se\u00e7ene\u011fini g\u00f6r\u00fcnt\u00fclemi\u015f olaca\u011f\u0131z. Bu se\u00e7ene\u011fi i\u015faretledikten sonra kaydedip \u00e7\u0131k\u0131\u015f yapabiliriz.<\/p>\n\n\n\n

\"\"
DNS Recursion<\/figcaption><\/figure><\/div>\n","protected":false},"excerpt":{"rendered":"DNS Amplification bir t\u00fcr DDoS sald\u0131r\u0131s\u0131d\u0131r. Bu sald\u0131r\u0131n\u0131n amac\u0131, kullan\u0131c\u0131lar\u0131n a\u011f \u00fczerinde bulunan sistemlere eri\u015fimini yava\u015flatarak bir web…\n","protected":false},"author":7,"featured_media":30018,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[28,36],"tags":[],"class_list":{"0":"post-33217","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-nasil-yapilir","8":"category-sunucu"},"_links":{"self":[{"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/posts\/33217","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/comments?post=33217"}],"version-history":[{"count":1,"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/posts\/33217\/revisions"}],"predecessor-version":[{"id":33218,"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/posts\/33217\/revisions\/33218"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/media\/30018"}],"wp:attachment":[{"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/media?parent=33217"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/categories?post=33217"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/tags?post=33217"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}