Denial of Service

Kevin Darcy kcd at daimlerchrysler.com
Mon Feb 26 23:51:44 UTC 2007


options {
directory ...;
...;
blackhole { 142.146.10.10; 142.135.34.45; 142.146.89.0/24; 
142.146.99.0/16; };
};

(The "..." stuff needs to be filled in with your site-specific 
information of course)

- Kevin

Nick Allum wrote:
> Thanks for all the responses,
>
> Does someone have an example with the syntax for the blackhole command?
> Would the following work?
>
> Would I just need to add the following to my BIND 9.2.3 configuration, as
> an example?
>
> Blackhole {142.146.10.10; 142.135.34.45; 142.146.89.0/24;
> 142.146.99.0/16}
>
> Thanks
>
>
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
> Behalf Of Barry Margolin
> Sent: Friday, February 23, 2007 10:25 PM
> To: comp-protocols-dns-bind at isc.org
> Subject: Re: Denial of Service
>
>
> In article <ernk1c$1tcf$1 at sf1.isc.org>,
>  "Nick Allum" <Nick.Allum at rci.rogers.com> wrote:
>
>> Just had a quick question, at the BIND level, if there was a possible
>> Denial of Service coming from only a handful of IP addresses, would I be
>> able just to use an ACL to deny these or will my servers still be
>> flooded as it has to process the ACL? Or what would be the quickest
>> and easiest way to reduce the effect of some type of Denial of Service
>> where I am getting large quantities of requests from the same group of
>> IPs.
>
> As others have pointed out, it would be better to filter them upstream.
>
> Next best might be your OS's packet filtering.  But filtering in BIND
> would be better than nothing, since it takes less work to check an
> address against a filter than to actually perform the DNS processing, so
> the backlog will be smaller.
>
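
As an added example for this thread (not code posted by anyone here, nor from ISC or BIND), the following Python script takes a list of sources like the one Nick posted and produces both the blackhole statement in correct named.conf syntax and the equivalent host-firewall DROP rules, since Barry's point is that dropping in the OS packet filter is cheaper than letting named evaluate the list. It also zeroes the host bits on an entry like 142.146.99.0/16 (BIND reports an address/prefix length mismatch for that entry; the network it implies is 142.146.0.0/16), collapses entries the /16 already covers so the real scope of the block is visible, and checks that none of the server's own addresses or forwarders would fall inside the list, because blackhole also stops named from sending to those addresses and would break resolution. The iptables chain, the port and the sample "own" addresses are assumptions for illustration.

```python
"""Turn a list of abusive DNS client addresses into a BIND `blackhole`
statement plus matching host-firewall rules.

Added example for this thread; it is not code from the thread, from ISC or
from BIND.  Assumptions: the BIND host runs iptables/ip6tables and named
listens on port 53; the chain name and rule positions are illustrative.
"""
import ipaddress

# Constructed input: the four entries proposed in the thread.  The last one
# has host bits set (142.146.99.0 is not on a /16 boundary); BIND reports
# such an entry as an address/prefix length mismatch.
OFFENDERS = [
    "142.146.10.10",
    "142.135.34.45",
    "142.146.89.0/24",
    "142.146.99.0/16",
]


def normalize(entries):
    """Parse the entries, zero any stray host bits, and collapse overlaps.

    Returns a sorted list of ip_network objects.  Entries already covered
    by a broader prefix are dropped, so the output makes the real scope of
    the block visible (here the /16 swallows two of the four entries).
    """
    nets = []
    for entry in entries:
        try:
            nets.append(ipaddress.ip_network(entry))  # strict parse first
        except ValueError:
            # host bits set: use the network the prefix length implies
            nets.append(ipaddress.ip_network(entry, strict=False))
    v4 = [n for n in nets if n.version == 4]
    v6 = [n for n in nets if n.version == 6]
    return list(ipaddress.collapse_addresses(v4)) + list(
        ipaddress.collapse_addresses(v6))


def render(net):
    """BIND accepts both forms; a single host reads better without /32."""
    if net.prefixlen == net.max_prefixlen:
        return str(net.network_address)
    return str(net)


def blackhole_clause(nets):
    """The statement as it belongs inside `options { ... };` in named.conf."""
    return "blackhole { " + " ".join(render(n) + ";" for n in nets) + " };"


def conflicts(nets, own_addrs):
    """Return (addr, net) pairs for addresses named must still talk to.

    blackhole stops named both from answering these sources and from
    sending to them while resolving, so listing your own interfaces,
    forwarders or upstream servers silently breaks resolution.
    """
    found = []
    for a in own_addrs:
        addr = ipaddress.ip_address(a)
        for n in nets:
            if addr in n:  # False across address families
                found.append((a, str(n)))
    return found


def firewall_rules(nets, port=53):
    """DROP rules for the OS packet filter, the layer ranked above BIND.

    Inserted at the head of INPUT (assumed chain) so the packets are
    discarded before named ever sees them.
    """
    rules = []
    for n in nets:
        tool = "ip6tables" if n.version == 6 else "iptables"
        for proto in ("udp", "tcp"):
            rules.append(
                f"{tool} -I INPUT -s {n} -p {proto} --dport {port} -j DROP")
    return rules


if __name__ == "__main__":
    nets = normalize(OFFENDERS)
    print(blackhole_clause(nets))
    for rule in firewall_rules(nets):
        print(rule)
    # Assumed server addresses: a listener on 142.146.1.53 would be hidden
    # by the /16 above, 10.0.0.53 would not.
    print(conflicts(nets, ["142.146.1.53", "10.0.0.53"]))
```

Paste the printed blackhole line into options { } and load the firewall rules first: named still has to receive and parse every packet before the blackhole list rejects it, which is the work Barry's ordering avoids. If conflicts() returns anything, narrow the prefix before deploying either list.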
