reject invalid dns queries

Matus UHLAR - fantomas uhlar at fantomas.sk
Mon Jan 19 15:20:50 UTC 2015


On 19.01.15 16:14, Daniel Dawalibi wrote:
>Invalid DNS queries : non-existent domains that do not resolve to any IP as
> mentioned in the below example.

you should better not use this definition.

>We are trying to protect our DNS servers from a number of invalid dns
> queries targeting our caching server and originated from different source
> IPs.  Is there any way to drop these requests based on the Query Access
> list from the DNS configuration file (named.conf)?

you can NOT know if a hostname exists before you try to resolve it. After
that, you can't block it anymore.

do you allow recursion for remote clients? (recursion and allow-recursion
statements)
Do you allow DNS access from remote clients? (allow-query statement)

Perhaps denying remote clients from even accessing your caching server would
help you with this problem.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!
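
Added example, not part of the original message: a named.conf fragment showing the statements named in the reply (recursion, allow-recursion, allow-query) restricted to known clients, with the open form left in comments for comparison. The ACL name "trusted-clients" and the 192.0.2.0/24 network are placeholders assumed for illustration.

```conf
// Constructed example. Replace the placeholder network with your own
// client ranges; 192.0.2.0/24 is a documentation-only prefix.
acl "trusted-clients" {
    localhost;          // built-in ACL: the server's own addresses
    localnets;          // built-in ACL: directly attached networks
    192.0.2.0/24;       // placeholder: your client network
};

options {
    // Open form, which lets any source IP query and recurse through
    // the caching server:
    //   recursion yes;
    //   allow-query     { any; };
    //   allow-recursion { any; };

    // Restricted form: remote clients outside the ACL are refused
    // before any resolution is attempted.
    recursion yes;
    allow-query     { "trusted-clients"; };
    allow-recursion { "trusted-clients"; };
};
```

Running named-checkconf against the edited file checks its syntax before named is reloaded.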


More information about the bind-users mailing list