Script-kiddie / client <IP> query (cache) '<host>/MX/IN' denied

Lightner, Jeff jlightner at water.com
Tue Aug 3 20:22:24 UTC 2010 

2 rules aren't needed if you don't specify protocol and port in the first one.  It simply drops ALL traffic from that IP.

-----Original Message-----
From: bind-users-bounces+jlightner=water.com at lists.isc.org [mailto:bind-users-bounces+jlightner=water.com at lists.isc.org] On Behalf Of Lyle Giese
Sent: Tuesday, August 03, 2010 4:18 PM
To: bind-users at lists.isc.org
Subject: Re: Script-kiddie / client <IP> query (cache) '<host>/MX/IN' denied

Kevin Darcy wrote:
> On 8/3/2010 3:03 PM, Denis BUCHER wrote:
>> Dear Lyle,
>>
>> Le 03.08.2010 18:17, Lyle Giese a écrit :
>>>> I would like to know if I can block hosts doing that at the level of
>>>> /etc/hosts.allow or should I do it at the level of Bind itself ?
>>> Use IPTables or add rules to your firewall. I don't believe that BIND
>>> pays any attention to /etc/hosts.allow
>>
>> Yes I tried iptables, it is working perfectly, and /etc/hosts.allow 
>> does not look to be working. This was pefect :
>>
>> iptables -I INPUT 3 -p tcp -s 202.152.172.4 --dport 53 -j DROP
>>
> I'm no iptables experts, but doesn't that only apply to TCP packets?
>
>                                                                         
>                                                                     - 
> Kevin
>
Good catch, Kevin!

You are right, he should add two rules, one for tcp and one for udp.

Lyle Giese
LCR Computer Services, Inc.
_______________________________________________
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
 
Proud partner. Susan G. Komen for the Cure.
 
Please consider our environment before printing this e-mail or attachments.
----------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
----------------------------------

More information about the bind-users mailing list