How to block DNS record scans ?

Brett brettcarr at ripe.net
Wed Apr 20 06:36:11 UTC 2005



On Wed, 20 Apr 2005, Sylvan Andrew wrote:

>
>  Hello,
>
>   Is there anyone who could help us? It would be much appreciated. Two of
> our DNS servers are continually getting scanned with some type of script
> that tries every combination possible from A-Z.
>  Rather than limit the amount of DNS requests our servers handle on a time
> basis, is there anyone who knows a way to modify the response to an entry
> record not being found?
>  Basically we'd want it so that if it was a valid entry BIND would reply
> straight away; if it was an invalid entry we'd like, rather than an immediate
> 'not found' response, to modify it so it just times out.
>  Does anyone have any ideas where in BIND we could modify it to do this?
> Does anyone have any other ideas to combat this problem?
>

Find out the IP of the user scanning your domain, report them to their
provider for abuse and then blackhole them on your server.

-- 
Brett Carr				Ripe Network Coordination Centre
System Engineer -- Operations Group     Singel 258 Amsterdam NL




> Thanks for your time.
>
> Regards
>
> Sylvan
>
>
>
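The reply's first step, finding the IP of the scanning client, is straightforward to automate from BIND's query log. The script below is an added example and is not code from this thread or from ISC; it assumes the BIND 9 "queries" category log line format shown in the comment (which varies slightly between versions), runs a sliding-window count of distinct names per client over a constructed sample log, and renders the result as a fragment using BIND's `blackhole` option. The addresses, names and thresholds are constructed for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from itertools import product

# Assumed BIND 9 "queries" category line format, e.g.
#   20-Apr-2005 06:30:00.010 client 192.0.2.77#5123: query: aab.example.net IN A +
# Field order varies a little between versions; adjust the pattern if yours differs.
LOG_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"client (?P<ip>[^#\s]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)
TS_FMT = "%d-%b-%Y %H:%M:%S.%f"


def build_sample_log():
    """Constructed sample log: one client walking 27 names in lexical order
    (aaa, aab, ... ccc) 10 ms apart, plus a normal client asking for a couple
    of real names. Addresses are documentation ranges, not real hosts."""
    start = datetime(2005, 4, 20, 6, 30, 0)
    lines = []
    for i, letters in enumerate(product("abc", repeat=3)):
        ts = start + timedelta(milliseconds=10 * i)
        lines.append(f"{ts.strftime(TS_FMT)[:-3]} client 192.0.2.77#5123: "
                     f"query: {''.join(letters)}.example.net IN A +")
    for offset, (name, qtype) in enumerate([("www", "A"), ("mail", "MX"), ("www", "A")]):
        ts = start + timedelta(seconds=5 + offset)
        lines.append(f"{ts.strftime(TS_FMT)[:-3]} client 198.51.100.10#4000{offset}: "
                     f"query: {name}.example.net IN {qtype} +")
    return "\n".join(lines) + "\n"


def parse_log(text):
    """Return a list of (timestamp, client_ip, qname) for every matching line."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), TS_FMT)
            events.append((ts, m.group("ip"), m.group("qname").lower()))
    return events


def find_scanners(events, window=timedelta(seconds=60), threshold=20):
    """Flag clients that ask for at least `threshold` distinct names inside any
    `window`-long span. A legitimate client repeats a handful of names; an A-Z
    walker asks for hundreds of different ones. Returns {ip: peak_distinct}."""
    by_client = defaultdict(list)
    for ts, ip, qname in events:
        by_client[ip].append((ts, qname))
    flagged = {}
    for ip, evs in by_client.items():
        evs.sort()
        counts = Counter()        # distinct names currently inside the window
        left = 0
        peak = 0
        for ts, qname in evs:
            counts[qname] += 1
            while ts - evs[left][0] > window:   # slide the window forward
                old = evs[left][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                left += 1
            peak = max(peak, len(counts))
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


def render_blackhole(flagged):
    """Render a named.conf fragment for the flagged clients. `blackhole` is a
    real BIND option: named silently ignores queries from the listed addresses,
    so the scanner sees timeouts. The fragment goes inside your existing
    options { } block; it is not a complete configuration."""
    entries = " ".join(f"{ip};" for ip in sorted(flagged))
    return (f"// {len(flagged)} client(s) exceeded the scan threshold\n"
            f"blackhole {{ {entries} }};\n")


if __name__ == "__main__":
    hits = find_scanners(parse_log(build_sample_log()))
    for ip, peak in hits.items():
        print(f"{ip}: {peak} distinct names in one window")
    print(render_blackhole(hits))
```

Run it against a real query log (`logging { channel ... { ... }; category queries { ... }; };` must be enabled for BIND to write one) and review the flagged list before adding it to `blackhole`: a shared recursive resolver or a NAT gateway can legitimately ask for many distinct names, and once blackholed it gets no answers at all, which is the timeout behaviour the original question wanted for invalid names only.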