Dropping request packets
Kevin Darcy
kcd at daimlerchrysler.com
Mon Apr 19 22:05:23 UTC 2004
Barry Margolin wrote:
>In article <c616pf$2iub$1 at sf1.isc.org>,
> "Soraia Zlatkovic (sopaz)" <sopaz at cisco.com> wrote:
>
>>Is there a way to configure BIND (doesn't matter which version) to drop
>>packets or refuse requests
>>coming from a particular client?
>
>Yes, the "allow-query" option.
>
allow-query can refuse requests, i.e. send back a REFUSED response. If
you actually want to just drop the request, you can use the "blackhole"
option, but it's a lot less flexible, i.e. you can only "blackhole"
globally (not per-zone) and only by source IP address or address range
(allow-query also permits or denies access control by crypto key).
-Kevin
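
The two mechanisms described in the reply above, side by side in a named.conf sketch. This is an added example, not part of the original post; the ACL name, key name, zone, file paths and addresses (documentation ranges) are constructed, and the key secret is a placeholder that must be replaced with a real base64 value.

```conf
// Constructed example for a current BIND 9; all names and addresses are hypothetical.

acl "dropped-clients" {
    192.0.2.45;          // a single source address
    198.51.100.0/24;     // an address range
};

key "partner-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET==";   // placeholder, not a usable secret
};

options {
    directory "/var/named";

    // blackhole: requests from these sources are dropped with no response.
    // Only valid here in the global options, and only matches by address.
    blackhole { "dropped-clients"; };

    // allow-query: a client that does not match gets a REFUSED response.
    // This server-wide default refuses one host and answers everyone else.
    allow-query { !203.0.113.7; any; };
};

zone "example.com" {
    type master;
    file "example.com.zone";

    // Per-zone allow-query overrides the global default for this zone only,
    // and can match on a TSIG key as well as on source address.
    allow-query { 10.0.0.0/8; key "partner-key"; };
};
```

From a blocked client's side the difference is visible in the result: a refused query comes back immediately with status REFUSED, while a blackholed one simply times out.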