Denial of Service
Kevin Darcy
kcd at daimlerchrysler.com
Mon Feb 26 23:51:44 UTC 2007
options {
        directory ...;
        ...;
        // Sources listed in blackhole get no response at all: the query is
        // dropped before any DNS processing, which is the point of the filter.
        // Note: 142.146.99.0/16 has host bits set; the aligned prefix for a
        // /16 would be 142.146.0.0/16.
        blackhole { 142.146.10.10; 142.135.34.45; 142.146.89.0/24;
                    142.146.99.0/16; };
};
(The "..." stuff needs to be filled in with your site-specific
information of course)
- Kevin
Nick Allum wrote:
> Thanks for all the responses,
>
> Does someone have an example with the syntax for the blackhole command?
> Would the following work?
>
> Would I just need to add the following to my BIND 9.2.3 configuration as
> an example?
>
> Blackhole {142.146.10.10; 142.135.34.45; 142.146.89.0/24;
> 142.146.99.0/16}
>
> Thanks
>
>
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
> Behalf Of Barry Margolin
> Sent: Friday, February 23, 2007 10:25 PM
> To: comp-protocols-dns-bind at isc.org
> Subject: Re: Denial of Service
>
>
> In article <ernk1c$1tcf$1 at sf1.isc.org>,
> "Nick Allum" <Nick.Allum at rci.rogers.com> wrote:
>
>> Just had a quick question, at the BIND level, if there was a possible
>> Denial of Service coming from only a handful of IP addresses, would I be
>> able just to use an ACL to deny these or will my servers still be
>> flooded as it has to process the ACL? Or what would be the quickest
>> and easiest way to reduce the effect of some type of Denial of Service
>> where I am getting large quantities of requests from the same group of
>> IPs.
>>
>
> As others have pointed out, it would be better to filter them upstream.
>
> Next best might be your OS's packet filtering. But filtering in BIND
> would be better than nothing, since it takes less work to check an
> address against a filter than to actually perform the DNS processing, so
> the backlog will be smaller.
>
>
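As an added example (not part of the thread or of BIND itself), the following Python script does the two steps this exchange describes: it finds the handful of source addresses that dominate a BIND query log and renders them into the acl/blackhole syntax Kevin shows. The log lines are constructed for illustration and the acl name floodsources is an arbitrary choice.

```python
import ipaddress
import re
from collections import Counter

# Constructed BIND query-log sample (not from the thread). Each line carries
# a "client <ip>#<port>" field; newer BIND also emits "client @0x... <ip>#<port>".
SAMPLE_LOG = """\
26-Feb-2007 23:40:01.101 client 142.146.10.10#5310: query: www.example.com IN A
26-Feb-2007 23:40:01.102 client 142.146.10.10#5311: query: www.example.com IN A
26-Feb-2007 23:40:01.103 client 142.135.34.45#6000: query: mail.example.com IN MX
26-Feb-2007 23:40:01.104 client 142.146.10.10#5312: query: www.example.com IN A
26-Feb-2007 23:40:01.105 client 10.1.2.3#40000: query: intranet.example.com IN A
26-Feb-2007 23:40:01.106 client 142.135.34.45#6001: query: mail.example.com IN MX
26-Feb-2007 23:40:01.107 client 142.146.10.10#5313: query: www.example.com IN A
"""

# Accept both the classic and the "@0x..." client field layouts.
CLIENT_RE = re.compile(r"\bclient (?:@0x[0-9a-f]+ )?(\S+)#\d+")

def count_clients(log_text):
    """Count logged queries per source address; skip lines without a valid IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if not m:
            continue
        try:
            counts[str(ipaddress.ip_address(m.group(1)))] += 1
        except ValueError:
            continue  # malformed address field, not a client line
    return counts

def heavy_hitters(counts, threshold):
    """Addresses with at least `threshold` queries, busiest first."""
    return [ip for ip, n in counts.most_common() if n >= threshold]

def blackhole_block(addresses, acl_name="floodsources"):
    """Render a named.conf fragment: an acl of the offenders plus an options
    blackhole that references it. Blackholed sources get no response at all
    (unlike allow-query, which answers REFUSED), so they cost only the match."""
    entries = "".join(f"    {ip};\n" for ip in addresses)
    return (f"acl {acl_name} {{\n{entries}}};\n"
            f"options {{\n    blackhole {{ {acl_name}; }};\n}};\n")

if __name__ == "__main__":
    # Threshold 2 is arbitrary for the sample; pick it from your own baseline.
    print(blackhole_block(heavy_hitters(count_clients(SAMPLE_LOG), 2)))
```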