Slowing down bind answers
Bob McDonald
bmcdonaldjr at gmail.com
Mon Jan 6 15:23:47 UTC 2014
Of course, anycast would have solved this issue by allowing one to
add/remove a server from a properly configured environment without
affecting the clients...
> On 03/01/2014 18:00, WBrown at e1b.org wrote:
>> From: Mark Andrews <marka at isc.org>
>>> After that specify a final date for them to fix their machines by
>>> after which you will send NXDOMAIN responses. Sometimes sending a
>>> poisoned reponse is the only way to get peoples attention.
>>>
>>> zone "." {
>>> type master;
>>> file "empty";
>>> };
>>>
>>> empty:
>>> @ 0 IN SOA . stop.using.this.nameserver 0 0 0 0 0
>>> @ 0 IN NS .
>>> @ 0 IN A 127.0.0.1
>>
>> Or really mess with them and answer all A queries with 199.181.132.249
>
> It's not a bad idea. I could wildcard all requests to an internal HTTP
> server saying that the DNS configuration of the client is deprecated.
>
>
Regards,
Bob
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20140106/12d7d85d/attachment.html>
More information about the bind-users
mailing list