DNS/Bind Blackhole - Not MX
Sir Galahad
sgalahad at rcn.com
Mon Dec 26 13:57:33 UTC 2005
Let me rephrase my question in a way that may make more sense.
Regarding the state of DNS on the web, how do current big companies deal
with the possibilities of traffic-stealing, DNS-theft, inaccurate DNS on
name servers across the web, etc?
-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On Behalf
Of Enrico Weigelt
Sent: Monday, December 26, 2005 12:50 AM
To: comp-protocols-dns-bind at isc.org
Subject: Re: DNS/Bind Blackhole - Not MX
* Barry Margolin <barmar at alum.mit.edu> wrote:
<snip>
> I think it's usually used in response to special circumstances. For
> instance, if you discover that a server is trying to poison cache, or
> it's bombarding you with lots of inappropriate queries, you may want to
> blackhole it.
I personally would let the packet filter take care of them.
Simply drop DNS packets in the kernel instead of having bind
worry about them.
cu
--
---------------------------------------------------------------------
Enrico Weigelt == metux IT service
phone: +49 36207 519931 www: http://www.metux.de/
fax: +49 36207 519932 email: contact at metux.de
---------------------------------------------------------------------
Realtime Forex/Stock Exchange trading powered by postgresSQL :))
http://www.fxignal.net/
---------------------------------------------------------------------