DNS Flood -- Help!

Kevin Darcy kcd at daimlerchrysler.com
Tue Jan 8 22:27:21 UTC 2002


Len Conrad wrote:

> >We run a DNS server at a colocated facility with 90Mb/s capable
> >throughput.  We have recently been attacked by queries from the 'DNS
> >Abuser' exploit written some time ago
> >(http://www.securitybugware.org/mUNIXes/4198.html).
> >
> >Since we are DNS masters for many domains, we have to respond to DNS
> >queries from anywhere and can not limit the service to some range of
> >source addresses.
> >
> >#1. Is there a way to make bind respond to only queries requesting
> >information about the zones which it is authoritative for, dropping the
> >rest?
>
> geez, of course.
>
> read about "options"  allow-recursion; and recursion yes|no;

None of those stop named from _responding_ to the queries. The only thing
that will actually stop named from responding to the queries is the
"blackhole" option, but you can only specify that by source address or
address range, not by domain/zone. Sorry.


- Kevin
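For readers following the thread, here is an added named.conf "options" fragment (not from any poster in this thread) that puts the three directives discussed above side by side: `recursion no`, `allow-recursion`, and `blackhole`. The ACL name `trusted` and every address range are constructed placeholders, not the original poster's network.

```conf
// Added illustration, not part of the original thread.
// All addresses and the "trusted" ACL name are constructed placeholders.

acl trusted { 10.0.0.0/8; 127.0.0.1; };   // assumed local client range

options {
    directory "/var/named";

    // Authoritative-only server: do not recurse for anyone.
    // named still sends a response to every query it receives (a refusal
    // for names it is not authoritative for), so this limits the work per
    // query but does not stop the server from answering.
    recursion no;

    // Alternative to the line above when local clients do need recursion:
    // keep recursion on but only for the trusted ACL.
    // allow-recursion { trusted; };

    // blackhole is the one option that makes named drop the packets
    // outright, sending nothing back. It matches on source address or
    // range only; there is no way to blackhole by queried domain or zone.
    blackhole {
        192.0.2.0/24;       // constructed example: a flood source range
        198.51.100.77;      // constructed example: a single offending host
    };
};
```

Because `blackhole` keys on the source address, it helps only when the flooding hosts can be identified and enumerated; a query for a zone the server is not authoritative for still gets a reply unless its source falls in the blackhole list.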
