Script-kiddie / client <IP> query (cache) '<host>/MX/IN' denied

Sten Carlsen stenc at s-carlsen.dk
Wed Aug 4 12:36:50 UTC 2010


You may want to consider how to trigger removal of this blocking when
the problem has gone away and the address is again used responsibly.

Maybe add a log statement with a limitation of one per day and checking
that this is no longer seen for some time? IPTABLES can do the logging.

On 04/08/10 11:00, Denis BUCHER wrote:
> Le 03.08.2010 21:25, Kevin Darcy a écrit :
>>>>> I would like to know if I can block hosts doing that at the level of
>>>>> /etc/hosts.allow or should I do it at the level of Bind itself ?
>>>> Use IPTables or add rules to your firewall. I don't believe that BIND
>>>> pays any attention to /etc/hosts.allow
>>>
>>> Yes I tried iptables, it is working perfectly, and /etc/hosts.allow
>>> does not look to be working. This was perfect :
>>>
>>> iptables -I INPUT 3 -p tcp -s 202.152.172.4 --dport 53 -j DROP
>>>
>> I'm no iptables expert, but doesn't that only apply to TCP packets?
>
> Dear Kevin,
>
> Yes sorry, in fact I also should add a rule for UDP :
>
>> iptables -I INPUT 3 -p udp -s 202.152.172.4 --dport 53 -j DROP
>
> Or : (all ports)
>
>> iptables -I INPUT 3 -s 202.152.172.4 -j DROP
>
> Thanks a lot !
>
> Denis
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Best regards

Sten Carlsen

No improvements come from shouting:

       "MALE BOVINE MANURE!!!" 
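Putting the two halves of the thread together (Denis's TCP and UDP DROP rules for port 53, and Sten's suggestion of a once-a-day log line so you can tell when the host has stopped), here is an added example script that is not from the thread or from ISC. The chain name DNS_ABUSE, the log prefix "dns-abuse: " and the constructed syslog lines in the check function are this example's own assumptions; it prints the rules by default and only runs them when DNSBLOCK_APPLY=1.

```shell
#!/bin/sh
# Added example, not from the bind-users thread. Builds iptables rules that drop
# one address's queries on 53/tcp and 53/udp (as in Denis's rules) and log at
# most one line per day per protocol (Sten's suggestion), so the syslog shows
# whether the host is still hammering the resolver and the block can be lifted.
#
# Usage:  sh dnsblock.sh 202.152.172.4                  # dry run, print rules
#         DNSBLOCK_APPLY=1 sh dnsblock.sh 202.152.172.4  # run them (root)
#         grep 'dns-abuse:' /var/log/messages | sh -c '. ./dnsblock.sh; dns_block_last_seen'

CHAIN="DNS_ABUSE"          # hypothetical chain name (this example's choice)
LOG_PREFIX="dns-abuse: "   # hypothetical log prefix matched by dns_block_last_seen

# Create the chain once and hook it into INPUT at position 3, mirroring the
# "-I INPUT 3" placement used in the thread. Printed, not executed.
dns_block_chain_setup() {
    echo "iptables -N $CHAIN"
    echo "iptables -I INPUT 3 -j $CHAIN"
}

# Print the four per-address rules, one command per line. LOG is appended
# before DROP so the packet is logged first; "-m limit --limit 1/day" keeps
# the log to one line per day per protocol.
dns_block_rules() {
    ip="$1"
    for proto in tcp udp; do
        echo "iptables -A $CHAIN -p $proto -s $ip --dport 53 -m limit --limit 1/day -j LOG --log-prefix \"$LOG_PREFIX\""
        echo "iptables -A $CHAIN -p $proto -s $ip --dport 53 -j DROP"
    done
}

# Read syslog-style kernel lines on stdin and print the timestamp (month, day,
# time) of the most recent line carrying the log prefix. Empty output means
# nothing has been logged, i.e. the block may be a candidate for removal.
# awk (not cut) is used because syslog pads single-digit days with two spaces.
dns_block_last_seen() {
    grep -F "$LOG_PREFIX" | tail -n 1 | awk '{print $1, $2, $3}'
}

# Top level: only acts when an address is given on the command line.
if [ -n "$1" ]; then
    if [ "${DNSBLOCK_APPLY:-0}" = "1" ]; then
        # Execute each printed command in order (requires root).
        { dns_block_chain_setup; dns_block_rules "$1"; } |
            while IFS= read -r cmd; do eval "$cmd"; done
    else
        dns_block_chain_setup
        dns_block_rules "$1"
    fi
fi
```

Because the rules live in their own chain, `iptables -L DNS_ABUSE -v -n` shows per-rule packet counters, which is a second way to see whether the address is still sending queries; lifting the block is then `iptables -D INPUT -j DNS_ABUSE`, `iptables -F DNS_ABUSE`, `iptables -X DNS_ABUSE`.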
