Avoiding being used as DDoS reflector.

Leonardo Rodrigues Magalhães leolistas at solutti.com.br
Mon Jan 19 10:02:36 UTC 2009



Nathan Ollerenshaw wrote:
>
> I have an Authoritative BIND server. It is configured to only allow 
> recursive queries from localhost, with recursion disabled for any 
> remote clients.
>
> If you attempt to perform a recursive query against this server, it 
> will respond with a "query refused" packet, as this is what BIND does 
> if you try to recursively query a server configured to disallow 
> recursive queries.
> [ ........ ]
> Any ideas? Anyone facing this same problem found a solution? I'd be 
> glad to hear it :)
>

    If you're running authoritative only for localhost and are not 
answering network requests at all, then you could probably firewall 
incoming packets to UDP port 53! Let the responses in, let the new 
requests out.

    I can't imagine anything simpler than that.

-- 


	Sincerely,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br

	gertrudes at solutti.com.br
	My SPAMTRAP, do not email it
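
The filtering suggested in the reply above, written out as an iptables-restore ruleset. This is an added example, not part of the original message. It assumes a Linux host with iptables and connection tracking, and a server that answers DNS only for localhost, as the reply supposes.

```iptables
# Constructed example ruleset; load with iptables-restore.
# Assumption: this host answers DNS only for localhost, so no remote
# client ever needs to open a new conversation with UDP port 53 here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

# Local clients reach named over the loopback interface.
-A INPUT -i lo -j ACCEPT

# "Let the responses in": answers to queries this host sent out are
# matched by connection tracking, not by port number. This also covers
# a BIND configured with "query-source port 53", where upstream answers
# arrive with destination port 53 and a plain port match would drop them.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Unsolicited packets to UDP 53 never reach named, so no REFUSED answer
# is generated. DROP rather than REJECT: REJECT would send an ICMP error
# to the (possibly spoofed) source address.
-A INPUT -p udp --dport 53 -m conntrack --ctstate NEW -j DROP

# "Let the new requests out": OUTPUT policy is ACCEPT, so the server's
# own outbound queries are not filtered here.
COMMIT
```

The rule order matters: the ESTABLISHED,RELATED accept must come before the port 53 drop so that replies to the server's own queries are never caught by it.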







More information about the bind-users mailing list