Script-kiddie / client <IP> query (cache) '<host>/MX/IN' denied

Denis BUCHER dbucherml at hsolutions.ch
Wed Aug 4 09:00:06 UTC 2010


On 03.08.2010 21:25, Kevin Darcy wrote:
>>>> I would like to know if I can block hosts doing that at the level of
>>>> /etc/hosts.allow or should I do it at the level of Bind itself ?
>>> Use IPTables or add rules to your firewall. I don't believe that BIND
>>> pays any attention to /etc/hosts.allow
>>
>> Yes, I tried iptables, it is working perfectly, and /etc/hosts.allow
>> does not look to be working. This was perfect:
>>
>> iptables -I INPUT 3 -p tcp -s 202.152.172.4 --dport 53 -j DROP
>>
> I'm no iptables expert, but doesn't that only apply to TCP packets?

Dear Kevin,

Yes, sorry, in fact I should also add a rule for UDP:

> iptables -I INPUT 3 -p udp -s 202.152.172.4 --dport 53 -j DROP

Or (all ports):

> iptables -I INPUT 3 -s 202.152.172.4 -j DROP

Thanks a lot!

Denis
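An added example, not from the thread or its participants, that expands the point raised above: a rule with `-p tcp` alone misses UDP, which carries most DNS queries, so a client blocked on TCP keeps getting answers over UDP. The POSIX sh script below validates the address first (so a typo cannot become a malformed or overly broad rule), prints the matching DROP rule for both protocols, and, when told to apply them, tests with `iptables -C` before `-I` so re-running it does not stack duplicate rules. The client address 202.152.172.4 and the chain position 3 come from the thread; the function names, the `APPLY` switch and the default dry-run behaviour are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the bind-users thread): block one abusive client
# from reaching port 53 over BOTH TCP and UDP, since DNS uses both transports.
# Assumptions: iptables is in $PATH and we are root when APPLY=1; chain
# position 3 mirrors the rule posted in the thread.

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;   # non-digit, leading/trailing dot, empty octet
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')  # split into octets
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# Print one iptables command per protocol. The second argument is the chain
# position (default 3, as in the thread); output is text only, nothing runs.
dns_block_rules() {
    ip=$1; pos=${2:-3}
    is_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 1; }
    for proto in tcp udp; do
        printf 'iptables -I INPUT %s -p %s -s %s --dport 53 -j DROP\n' \
            "$pos" "$proto" "$ip"
    done
}

# Apply the rules idempotently: -C returns 0 if an identical rule already
# exists, so only missing rules are inserted and repeated runs stay clean.
apply_dns_block() {
    ip=$1; pos=${2:-3}
    is_ipv4 "$ip" || return 1
    for proto in tcp udp; do
        iptables -C INPUT -p "$proto" -s "$ip" --dport 53 -j DROP 2>/dev/null \
            || iptables -I INPUT "$pos" -p "$proto" -s "$ip" --dport 53 -j DROP
    done
}

# Usage: ./dnsblock.sh [ip] prints the rules (dry run);
#        APPLY=1 ./dnsblock.sh [ip] inserts them (requires root).
if [ "${APPLY:-0}" = 1 ]; then
    apply_dns_block "${1:-202.152.172.4}"
else
    dns_block_rules "${1:-202.152.172.4}"
fi
```

The `-I INPUT 3` position only makes sense if, as in the thread, positions 1 and 2 already hold rules that must stay ahead of the block; on a chain without such rules `-I INPUT` (position 1) is the safer default. Since the original question also asked about blocking inside BIND itself: named has its own `blackhole { ...; };` list in `options`, and queries from listed addresses are ignored entirely, which is the option to reach for when the firewall is not under your control.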


