blocking resolving for 10.X.X.X addresses

Gerald Waugh gwaugh at frontstreetnetworks.com
Mon Oct 28 13:10:13 UTC 2002


On Mon, 28 Oct 2002, Steve Foster wrote:

>
> Hi there,
>
>
> basically our customers have our resolver listed to resolve from, however
> some obviously want to resolve private addresses locally, which is fair
> enough, simple client change, however if for some reason the private
> address isn't resolvable locally, then their request will hit our
> resolvers, which are trying to do a lookup on the net before eventually
> timing out...this can take up to 2 mins...I just basically want to either
> dump these requests or give a null result back to the client from our
> resolvers..

How about using ipchains/iptables to block access to port 53 for those IP
addresses?

Gerald


