patch for dropping unapproved queries

Denis Ducamp Denis.Ducamp at hsc.fr
Fri Jun 30 23:53:47 UTC 2000


On Fri, Jun 30, 2000 at 04:30:10PM -0700, Joe Pruett wrote:
> 
> and i guess i should have mentioned my reasoning behind this.  i'm hoping
> that a long timeout delay from not getting an answer will either cause the
> resolvers to stop using me, or more likely will annoy the user enough that
> they'll change their settings :-).

I think that this patch can be useful against being used for a denial of
service against someone else. Some queries of ns for tld or tld subdomains
may be 20 times larger than queries. Someone can query several open named
with a spoofed source address, generating a denial of service against that
IP.

This patch should /dev/null those queries whereas by now a closed named
generates errors which are sent to the victim. Those replies use bandwidth
too (2 times smaller than the requests).

Denis Ducamp.


