Avoiding being used as DDoS reflector.
Leonardo Rodrigues Magalhães
leolistas at solutti.com.br
Mon Jan 19 10:11:58 UTC 2009
Leonardo Rodrigues Magalhães wrote:
>
>
> Nathan Ollerenshaw wrote:
>>
>> I have an Authoritative BIND server. It is configured to only allow
>> recursive queries from localhost, with recursion disabled for any
>> remote clients.
>>
>> If you attempt to perform a recursive query against this server, it
>> will respond with a "query refused" packet, as this is what BIND does
>> if you try to recursively query a server configured to disallow
>> recursive queries.
>> [ ........ ]
>> Any ideas? Anyone facing this same problem found a solution? I'd be
>> glad to hear it :)
>>
>
> If you're running authoritative only for localhost and are not
> answering network requests at all, then you could probably firewall
> incoming packets to UDP port 53!!! Let the responses in, let the new
> requests out.
>
> I can't imagine anything simpler than that.
>
Even simpler than that would be:

options {
    // ...
    listen-on { 127.0.0.1; };
    // ...
};
--
Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
gertrudes at solutti.com.br
My SPAMTRAP, do not email it
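
The "query refused" behaviour Nathan describes, as an added example that is not part of the original thread: it builds a recursive query and the REFUSED reply for it, then reports how much traffic the reply reflects back. The function names, the sample name www.example.com and the reply layout (question echoed, no records) are assumptions made for illustration.

```python
import struct

RCODE_REFUSED = 5  # RFC 1035 section 4.1.1

def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(txid, name, qtype=1):
    """Constructed sample: one-question query with RD (recursion desired) set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def build_refused(query):
    """Constructed sample reply (assumed layout): ID and question echoed,
    QR=1, RD copied, RA clear, RCODE=5, no answer records."""
    txid, flags = struct.unpack("!HH", query[:4])
    flags = 0x8000 | (flags & 0x0100) | RCODE_REFUSED
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + query[12:]

def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "rd": bool(flags & 0x0100),
            "ra": bool(flags & 0x0080), "rcode": flags & 0x000F,
            "records": an + ns + ar}

def reflection_report(query, reply):
    """Compare one query/reply pair as a defender would from a capture."""
    q, r = parse_header(query), parse_header(reply)
    return {"matched": r["qr"] and r["id"] == q["id"],
            "refused": r["rcode"] == RCODE_REFUSED,
            "recursion_available": r["ra"],
            "amplification": len(reply) / len(query)}

if __name__ == "__main__":
    query = build_query(0x1234, "www.example.com")
    print(reflection_report(query, build_refused(query)))
```

An amplification of 1.0 under this layout means the refused reply is as large as the query: the server still sends a packet to whatever source address the query carried, but does not multiply the traffic.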