Symptoms
- Plesk Obsidian running on a Linux-based operating system
- From time to time the DNS server on the Plesk server doesn't respond and websites are not available
- An unusually high number of denied requests can be found in the /var/log/messages (or /var/log/syslog) log file:

# egrep 'named.*denied$' /var/log/messages | wc -l
2242638
# egrep 'named.*denied$' /var/log/messages | tail -n1
named[31354]: client @0x0000 203.0.113.2#18496 (example.com): query (cache) 'example.com/A/IN' denied
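The count above shows that denied queries are piling up, but not where they come from or what they ask for. The following added example (not part of the original Plesk article) breaks the same log lines down by client address and by queried name; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: break down BIND "denied" log lines by source and by query.
# Pass a log file path, or "-" to read standard input.

# denied_by_client LOGFILE [N]: top N client addresses as "count address".
denied_by_client() {
    awk '/named\[[0-9]+\]: client .* denied$/ {
        for (i = 1; i < NF; i++) if ($i == "client") {
            ip = $(i + 1)
            if (ip ~ /^@/) ip = $(i + 2)  # BIND may log "@0x..." before the address
            sub(/#[0-9]+$/, "", ip)       # strip the source port
            n[ip]++
            break
        }
    } END { for (ip in n) print n[ip], ip }' "$1" |
        sort -k1,1nr -k2,2 | head -n "${2:-10}"
}

# denied_by_query LOGFILE [N]: top N denied queries as "count name/type/class".
denied_by_query() {
    awk '/named\[[0-9]+\]: client .* denied$/ {
        q = $(NF - 1)                     # quoted tuple just before "denied"
        n[substr(q, 2, length(q) - 2)]++  # drop the surrounding quotes
    } END { for (q in n) print n[q], q }' "$1" |
        sort -k1,1nr -k2,2 | head -n "${2:-10}"
}

# Constructed sample lines (documentation addresses), both client formats.
sample_log() {
    cat <<'EOF'
named[31354]: client @0x0000 203.0.113.2#18496 (example.com): query (cache) 'example.com/A/IN' denied
named[31354]: client @0x0000 203.0.113.2#18497 (example.com): query (cache) 'example.com/A/IN' denied
named[31354]: client 198.51.100.7#5353 (example.org): query (cache) 'example.org/ANY/IN' denied
named[31354]: zone example.com/IN: loaded serial 2024010101
EOF
}
```

After sourcing the functions on the server, run `denied_by_client /var/log/messages` (or pass `/var/log/syslog`); whether the result is a handful of addresses or a wide spread, and whether one query name dominates, is useful detail to hand to the network or security expert.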
Cause
The DNS server on the Plesk server is under a DNS DDoS attack. All of its resources are consumed by the high number of denied requests, and eventually it has none left to serve legitimate requests. As a result, websites do not open or the server fails to respond to global DNS servers.
Resolution
The functionality of external server-side DDoS protection is not yet implemented in Plesk. However, you may vote for this feature at the following link:
DDOS Protection – Your Ideas for Plesk
The top-ranked suggestions are likely to be included in the next versions of Plesk.
In general, if the attack is ongoing for too long, contact a security or network expert for assistance in mitigating the DNS DDoS attack.
Note: Keep in mind that, in general, DDoS protection of any kind implemented at the level of a single server cannot do anything when a large enough DDoS attack is ongoing for a long period of time.
The only way to circumvent a significant DDoS attack is to use a third-party DDoS protection service, such as the ones CDN providers can offer. Adequate CDN DDoS protection solutions that cover all of the most important network layers are available at the following link: