DNS Flood -- Help!
Len Conrad
LConrad at Go2France.com
Tue Jan 8 18:31:36 UTC 2002
>We run a DNS server of a colocated facility with 90Mb/s capable
>throughput. We have recently been attacked by queries from the 'DNS
>Abuser' exploit written some time ago
>(http://www.securitybugware.org/mUNIXes/4198.html).
>
>Since we are DNS masters for many domains, we have to respond to DNS
>queries from anywhere and can not limit the service to some range of
>source addresses.
>
>#1. Is there a way to make bind respond to only queries requesting
>information about the zones which it is authoritative for, dropping the
>rest?

geez, of course.

read about "options" allow-recursion; and recursion yes|no;

>#2. To make the problem more complicated, there are also hosts which use
>our server as their primary dns.

learn the DNS lingo. "hosts that use our DNS for recursion"

> This being said, I need to explicitly
>allow a set of source addresses to query the server in any way they
>choose, while conforming to #1 for all other queries.

see above

Len
http://MenAndMice.com/DNS-training
http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways
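
The setup the reply points to, written out as an added example that is not part of the original message: a `named.conf` fragment that keeps authoritative answers open to everyone while limiting recursion to a named set of clients. The ACL name and all addresses are constructed placeholders (documentation ranges), not values from the thread.

```conf
// named.conf fragment (constructed example, not from the original post)

// BEFORE (weak): recursion is on and nothing restricts who may use it,
// so the server resolves arbitrary names for any source address.
//
// options {
//     recursion yes;
//     allow-recursion { any; };
// };

// AFTER: name the hosts that use this server for recursion.
// "recursion_clients" is a hypothetical ACL name.
acl recursion_clients {
    127.0.0.1;           // the server itself
    192.0.2.0/24;        // constructed: colocated customer hosts
    198.51.100.10;       // constructed: a single remote client
};

options {
    // Recursion stays enabled, but only for the ACL above.
    recursion yes;
    allow-recursion { recursion_clients; };

    // Anyone may still query; sources outside the ACL only get answers
    // for zones this server is authoritative for. BIND still sends a
    // short non-recursive reply to other queries rather than silently
    // dropping them.
    allow-query { any; };
};

// If no host needs recursion from this server at all, the simpler
// setting is authoritative-only:
//
// options {
//     recursion no;
// };
```

Run `named-checkconf` against the edited file before reloading, then confirm from an address outside the ACL that a query for a name in a zone you do not host is no longer resolved.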