blocking a certain ip address *completely*

Kevin Darcy kcd at daimlerchrysler.com
Mon Jan 10 21:11:00 UTC 2000


Bear in mind that once named has received the packet, half of the damage is
already done. It can simply ignore the packet (via the blackhole option),
thus conserving all of the resources associated with the reply, but it cannot
stop the packet arriving in the first place. If you want to conserve *all* of
named's resources, you need to block the query from getting to named in the
first place, e.g. via ipchains, as suggested.

I wonder if there is a way to *accept* the update in such a way as to make
the client implode? {evil grin}


- Kevin

Mark.Andrews at nominum.com wrote:

>         See "options { blackhole { ...}; };".
>
>         Mark
> >
> > Jurgen,
> >
> > You got ipchains on your machine? If so why don't you just create an
> > input policy that denies port 53 (or any) as a destination if the source
> > is said machine.
> >
> > That's how I'd do it.
> >
> > N
> >
> > > -----Original Message-----
> > > From: Jurgen Philippaerts [mailto:jurgen at pophost.eunet.be]
> > > Sent: 10 January 2000 09:22
> > > To: comp-protocols-dns-bind at uunet.uu.net
> > > Subject: blocking a certain ip address *completely*
> > >
> > >
> > >
> > > Hi,
> > >
> > > some client of another isp, seems to be running windows 2000
> > > already :(
> > > my nameserver is bombarded with unapproved updates every couple of
> > > seconds.
> > > i have tried to contact that company, i have tried through their isp.
> > >
> > > now i just want to block his ip completely.
> > >
> > > just one little problem; i don't really know where to start.
> > > i thought it had something to do with the acl and deny.. but the
> > > documentation of bind is not so clear on that topic.
> > >
> > > can anyone shed some light on this ?
> > >
> > > ps: running bind 8.2.2-p5
> > >
> > > thanks,
> > > Jurgen.
> > > --
> > > Windows 2000: You want fries with that?
> > > Linux anubis 2.2.13 #1 Thu Nov 4 10:19:55 CET 1999 i686 unknown
> > >  11:23am  up 60 days, 20:33,  1 user,  load average: 1.05, 1.08, 1.11
> > >
> > >
> >
> >
> --
> Mark Andrews, Nominum Inc. / Internet Software Consortium
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com
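
The two layers contrasted in this thread, as an added example that is not part of the original messages: a dry-run script that prints the ipchains rules (packet dropped before named reads it) and the named.conf blackhole stanza (named reads the packet but sends no reply) for one source address. The address 192.0.2.10 is a constructed placeholder and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run: rules are printed, not applied.

# Succeed only for a dotted-quad IPv4 address with octets 0-255, so nothing
# else can end up inside a firewall command or named.conf.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Kernel-level block: DNS uses both UDP and TCP port 53, so deny both.
ipchains_rules() {
    valid_ipv4 "$1" || return 1
    for proto in udp tcp; do
        echo "ipchains -A input -p $proto -s $1 -d 0.0.0.0/0 53 -j DENY"
    done
}

# named-level block: merge this into the existing options statement,
# since named.conf allows only one.
named_blackhole() {
    valid_ipv4 "$1" || return 1
    printf 'options {\n\tblackhole { %s; };\n};\n' "$1"
}

bad_host=192.0.2.10   # constructed placeholder address
ipchains_rules "$bad_host"
named_blackhole "$bad_host"
```

Review the printed ipchains lines before running them as root, and reload named after editing named.conf.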





