9.3.0 and DNS REQUEST

Mark Andrews Mark_Andrews at isc.org
Fri Nov 12 03:33:41 UTC 2004


>   I have noticed that some spammers have been trying to grab all my zone
>   information (but not an XFR)... and the Cisco IDS box I have logs this:
> 
>   DNS REQUEST ALL
> 
>   I can duplicate this:
> 
>   #nslookup
>     server dns1.domain.com
>     set q=any
>     domain.com
> 
>   and as expected the entire DNS record is presented.
> 
>   Is there any way to stop this within BIND? - I can DROP the packet using
>   IDS on the Cisco, but my 3rd DNS server is located in a system that I
>   cannot do this in...
> 
>   Any advice would be appreciated!

	Don't bother blocking ANY queries.  It is trivial to enumerate
	(the useful) type space.  If there is anything there you don't
	want to be seen remove it from the zone.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
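
An added example, not part of the original post or of BIND: a small audit that follows the reply's advice by reviewing what a zone publishes rather than filtering query types. The zone data is constructed, and the review policy (HINFO records, RFC 1918 and unique-local addresses) is an assumption. The parser assumes one record per line with an explicit owner name and no semicolons inside quoted strings.

```python
import ipaddress

# Constructed sample zone data (not from the original post).
SAMPLE_ZONE = """\
$TTL 3600
@        IN SOA  dns1.example.com. hostmaster.example.com. 1 7200 900 1209600 3600
@        IN NS   dns1.example.com.
www      IN A    192.0.2.10
intranet 300 IN A 10.1.2.3
build    IN HINFO "i686" "Linux 2.4"
@        IN MX   10 mail.example.com.
db       IN AAAA fd00::5
; comment line
"""

CLASSES = {"IN", "CH", "HS"}
# Assumed policy: record types and address ranges an operator may not want published.
REVIEW_TYPES = {"HINFO"}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def parse_records(text):
    """Yield (owner, rtype, rdata) from simple one-line records."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments
        if not line or line.startswith("$"):   # skip blanks and directives
            continue
        fields = line.split()
        owner, rest = fields[0], fields[1:]
        # Skip the optional TTL and class fields that precede the type.
        while rest and (rest[0].isdigit() or rest[0].upper() in CLASSES):
            rest = rest[1:]
        if rest:
            yield owner, rest[0].upper(), " ".join(rest[1:])

def audit(text):
    """Return (owner, rtype, reason) for records worth reviewing."""
    findings = []
    for owner, rtype, rdata in parse_records(text):
        if rtype in REVIEW_TYPES:
            findings.append((owner, rtype, "host details published"))
        elif rtype in ("A", "AAAA"):
            addr = ipaddress.ip_address(rdata)
            if any(addr in net for net in INTERNAL_NETS):
                findings.append((owner, rtype, "internal address published"))
    return findings

if __name__ == "__main__":
    for owner, rtype, reason in audit(SAMPLE_ZONE):
        print(f"{owner:10} {rtype:6} {reason}")
```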



More information about the bind-users mailing list