Dropping request packets
David Botham
DBotham at OptimusSolutions.com
Wed Apr 21 12:50:07 UTC 2004
bind-users-bounce at isc.org wrote on 04/21/2004 04:46:45 AM:
> >>>>> "Weldon" == Weldon Goree <weldon at weldongoree.com> writes:
>
> Weldon> What BIND configuration do you know of that will prevent,
> Weldon> say, someone at 192.168.1.27 from running nslookup using
> Weldon> your nameserver?
Jim is absolutely right in that you can't stop someone from running
nslookup. However, you can use the allow-query and allow-recursion
options to limit their ability to sucessfully query your name serves.
Dave...
>
> There is nothing a name server or any firewall or router can do about
> that. The only way of stopping someone/something running nslookup at
> 192.168.1.27 will be through some OS controls on that box.
>
> >> BIND has no way of rate-limiting inbound queries or TCP
> >> connections. This is something a router or firewall does.
>
> Weldon> eh?
>
> Weldon> options {
> Weldon> tcp-clients 750;
>
[clip...]
More information about the bind-users
mailing list