Deny query from a single IP

Eric C. Davis eric at mail.rockefeller.edu
Thu Feb 26 16:23:49 UTC 2009


It is better to do this with a real IPS rather than use your DNS server to 
do this.  You should avoid having any unwanted traffic hit your DNS 
servers ever.

Eric

Prabhat Rana wrote:
> Hello,
> I have BIND 9.5 running on a Solaris 10 box. It provides recursive DNS service. I'm trying to implement a script where it reads the BIND stats file for all the incoming queries and if there are too many queries from a single user (source IP) it will block queries from that particular IP. In order for this to occur, is there a parameter similar to allow-query that I can inject into the named.conf to block queries from a single IP address when this condition occurs? Basically I'm trying to add a tool to detect potential DOS attacks where we see too many queries from one single IP. Any other suggestions would also be appreciated.
>
> Thanks
> Prabhat.
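The per-source counting described in the question, as an added example that is not part of the original thread or of BIND itself. It assumes the per-client data comes from BIND query-log lines (category `queries`) and renders an `acl` statement that named.conf's existing `blackhole` option can reference; the function names, threshold, ACL name and sample log lines are hypothetical.

```python
import re
from collections import Counter

# Matches the client address in a BIND "queries" log line; the optional
# "@0x..." token and "(name)" suffix appear in newer BIND releases.
CLIENT_RE = re.compile(r"\bclient (?:@0x[0-9a-f]+ )?([0-9A-Fa-f.:]+)#\d+.*?: query: ")

def make_sample_log():
    """Constructed log lines for the demo (documentation address ranges)."""
    fmt = "26-Feb-2009 16:20:%02d.000 queries: info: client %s#%d: query: %s IN A +"
    lines = [fmt % (i, "192.0.2.66", 40000 + i, "r%d.example.com" % i) for i in range(5)]
    lines += [fmt % (i, "192.0.2.10", 50000 + i, "www.example.com") for i in range(2)]
    lines.append(fmt % (9, "2001:db8::5", 60000, "mail.example.com"))
    # A refusal message, not a query line: must not be counted.
    lines.append("26-Feb-2009 16:20:10.000 security: info: client 192.0.2.10#50009: "
                 "query (cache) 'x.example.com/A/IN' denied")
    return lines

def count_queries(lines):
    """Return a Counter of queries per source address."""
    counts = Counter()
    for line in lines:
        match = CLIENT_RE.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts

def over_threshold(counts, threshold, exempt=()):
    """Addresses with more than `threshold` queries, minus an allow-list."""
    return sorted(ip for ip, n in counts.items() if n > threshold and ip not in exempt)

def render_acl(ips, name="blocked-clients"):
    """Render an acl statement; the built-in "none" keeps an empty list valid."""
    body = "".join("    %s;\n" % ip for ip in ips) or "    none;\n"
    return 'acl "%s" {\n%s};\n' % (name, body)

if __name__ == "__main__":
    counts = count_queries(make_sample_log())
    # Source addresses of UDP queries can be forged, so review before loading.
    print(render_acl(over_threshold(counts, threshold=3)))
```

The rendered file would be pulled into named.conf with `include` and referenced as `blackhole { "blocked-clients"; };` in the `options` block.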



