How do I get named to not log events from certain IPs.
Mark Andrews
Mark_Andrews at isc.org
Tue Aug 1 00:26:02 UTC 2006
> In article <ealn4m$1s5l$1 at sf1.isc.org>,
> Doug Barton <dougb at dougbarton.us> wrote:
>
> > aarontheyoung at gmail.com wrote:
> > > Hello,
> > >
> > > I have been successful running named on debian for quite some time and
> > > have recently adjusted my config to only respond for the domains we are
> > > authoritative for. Now, I am
> > > getting TONS of hits to our name servers EVEN THOUGH they continue to
> > > be denied the same dumb boneheads keep trying to update and query our
> > > name server for hosts that we don't manage.
> >
> > Welcome to the wonderful world of DNS administration. :)
> >
> > > My hourly log reports are now pretty tough to go through with this
> > > extra "denied" entries all over the place. Is there a way to configure
> > > named to NOT log activity from certain IP addresses?
> >
> > You are better off blocking this sort of stuff with a firewall.
>
> What firewalls allow you to block DNS packets specifically by request
> type? They all use the same port numbers.
Choose the right firewall. ipfw + divert can do it.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list