Competitor using my DNS servers

Danny Mayer mayer at gis.net
Sun Sep 1 01:33:56 UTC 2002


At 12:09 PM 8/31/02, NCKCN wrote:
>Danny,
>
>Thanks for all your help. I have blocked their entire domain at the router
>level with an access list:
>
>access-list 130 deny tcp <offending ip range> 0.0.0.255 eq 53 any
>access-list 130 deny udp <offending ip range> 0.0.0.255 eq 53 any
>
>Should do the trick. Our DNS servers (actually just TCP and UDP port 53)
>will not respond to anything from their ip range. We'll see what happens.
>
>Thanks,
>TKT

You should still limit recursion to your own IP addresses; otherwise your
competitor could just get a new set of addresses that you don't know
about and start to use those, or someone else could do the same thing.
You really only want to support your own users and your own domains.

Right now what you've done so far will create lots of additional support
costs for your competitor as his customers will be calling to find out
why they can't get to any web servers or send mail and they'll be
spending lots of time trying to find out what's wrong.  That's good from
your point of view.

Danny
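
The recursion limit recommended in the reply above, sketched as a BIND named.conf fragment. This is an added example, not part of the original message: the ACL name "customers" is hypothetical and 192.0.2.0/24 is a documentation prefix standing in for the operator's own address space.

```conf
// Added example, not from the original thread.
// "customers" is a hypothetical ACL name; 192.0.2.0/24 is a placeholder
// for the address ranges that belong to your own users.
acl "customers" {
    127.0.0.1;          // the server itself
    192.0.2.0/24;       // your own customer range (placeholder)
};

options {
    // Without this statement, older BIND releases recurse for any
    // client that can reach port 53, which is what lets an outside
    // party use the server as its resolver.
    //
    // With it, only the listed sources get recursive lookups. Other
    // clients can still query the zones this server is authoritative
    // for, so your own domains keep resolving for the rest of the
    // Internet.
    allow-recursion { "customers"; };
};
```

Unlike a router deny list, this is an allow list, so it keeps working when an outside party moves to addresses you have not seen before.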
