stomping forwarders

Randy Bush randy at psg.com
Thu Dec 16 13:36:29 UTC 1999


some inconsiderate folk point their resolvers at servers which it is not
possible to hide (i'm not going to house an extra hidden machine just to
be an in-house server).  in one case, over 10% of the *total* inbound
packets to a lan were from one dns abuser.

i can filter them at the border router.  this is hokey, and if they are
not watching their systems and have a second server configured, they may
never notice.  the >10% resolver mentioned above is still hammering away
despite being blocked for a week.

i would love to give bind a list of IPs for which recursive requests
will not be honored, but rather have nxdomain returned.  or the inverse,
a set of ip ranges for which recursion will be honored and the rest are
given the nasties.

clues?

randy
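
Added example, not part of the original post and not from the BIND project: a named.conf sketch of the two variants the message asks for, assuming a BIND release that supports the `allow-recursion` option. The acl names and addresses are constructed (documentation ranges). Clients outside the list are simply not given recursion (BIND 9 answers them REFUSED for names outside its own zones); this does not return the NXDOMAIN the post asks for.

```conf
// Constructed sample addresses (RFC 5737 documentation ranges).
// The acl names "abusers" and "trusted" are hypothetical.
acl abusers { 192.0.2.53; 198.51.100.0/24; };
acl trusted { 127.0.0.1; 203.0.113.0/24; };

options {
    // Variant 1, deny list: refuse recursion to listed sources and
    // honor it for everyone else. Address match lists are evaluated
    // in order, so the negated entry must come before "any".
    // allow-recursion { !abusers; any; };

    // Variant 2, allow list (the "inverse" in the post): honor
    // recursion only for listed ranges. Only one allow-recursion
    // statement may be active, so variant 1 stays commented out.
    allow-recursion { trusted; };
};

// Zones this server is authoritative for are still answered for all
// clients; allow-recursion only controls who gets recursive service.
```

Validate the file with `named-checkconf` before reloading the server.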


More information about the bind-users mailing list