Preventing the 'other' type of zone transfer
mayer
mayer at gis.net
Fri May 13 21:25:38 UTC 2005
----- Original Message Follows -----
> 210.146.35.35 stepped through our entire 128.219/16=20
> address space yesterday asking for reverse DNS lookups. =20
> It started at 16:06 and ended at 20:34. This is the=20
> equivalent of a zone transfer.=20
> =20
> I'm looking for a clever way of stopping this. And if we=20
> can't, we want to at least slow it down. Creating dummy=20
> records for the unused IP addresses has not been effective. =20
>
options {
blackhole {210.146.35.35;};
}
Then the server won't respond to any queries from that address.
Of course that means all queries and not just for your reverse
zone. Expect to have to add to the list when they figure out
that you're block that IP address. You can of course do this at
the router level before it even hits your servers.
Danny
> *Any* ideas you have would be most welcome.
> =20
>
> Paige Stafford
> DNS administrator, ORNL
> staffordp1 at ornl.gov
>
>
More information about the bind-users
mailing list