Dropping request packets

Soraia Zlatkovic (sopaz) sopaz at cisco.com
Tue Apr 20 14:17:58 UTC 2004


Thanks to all who responded.

The "blackhole" option is what I was looking for.


At 06:05 PM 4/19/2004 -0400, Kevin Darcy wrote:
>Barry Margolin wrote:
>
> >In article <c616pf$2iub$1 at sf1.isc.org>,
> > "Soraia Zlatkovic (sopaz)" <sopaz at cisco.com> wrote:
> >
> >>Is there a way to configure BIND (doesn't matter which version) to drop
> >>packets or refuse requests
> >>coming from a particular client?
> >
> >Yes, the "allow-query" option.
> >
>allow-query can refuse requests, i.e. send back a REFUSED response. If
>you actually want to just drop the request, you can use the "blackhole"
>option, but it's a lot less flexible, i.e. you can only "blackhole"
>globally (not per-zone) and only by source IP address or address range
>(allow-query also permits or denies access control by crypto key).
>
>                                           -Kevin
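
Added example, not part of the original thread: a named.conf fragment that puts the two options discussed above side by side. The ACL names, key name, zone name, file name and addresses (RFC 5737 documentation ranges) are constructed for illustration, the secret is a placeholder, and the key algorithm depends on the BIND version in use.

```conf
// Constructed example: clients to ignore completely.
acl "dropped-clients" {
    192.0.2.15;          // single source address
    198.51.100.0/24;     // address range
};

// Constructed example: clients that get an explicit REFUSED for one zone.
acl "refused-clients" {
    203.0.113.0/24;
};

// TSIG key used for key-based access control (placeholder secret).
key "partner-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";
};

options {
    // Global only, matched on source address only.
    // Queries from these sources are dropped with no response at all,
    // and the server will not use these addresses when resolving either.
    blackhole { "dropped-clients"; };

    // Default policy for zones that do not set their own allow-query.
    allow-query { any; };
};

zone "example.com" {
    type master;
    file "example.com.zone";

    // Per-zone policy; overrides the allow-query in options for this zone.
    // Elements are evaluated in order and the first match wins, so the
    // negated ACL comes first. Sources that are not allowed receive REFUSED.
    allow-query {
        !"refused-clients";
        key "partner-key";   // allow queries signed with this key
        192.0.2.0/24;        // allow this range (192.0.2.15 is already
                             // dropped globally by blackhole)
    };
};
```

Running named-checkconf on the edited file before reloading catches syntax errors in the ACL and key statements.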



More information about the bind-users mailing list