reject invalid dns queries

Daniel Dawalibi daniel.dawalibi at idm.net.lb
Tue Jan 20 08:53:27 UTC 2015


Hello


Allow-query is only allowed for specified IP defined in the allow-query
statement.



Regards
Daniel
-----Original Message-----
From: bind-users-bounces at lists.isc.org
[mailto:bind-users-bounces at lists.isc.org] On Behalf Of Matus UHLAR -
fantomas
Sent: Monday, January 19, 2015 5:21 PM
To: bind-users at lists.isc.org
Subject: Re: reject invalid dns queries

On 19.01.15 16:14, Daniel Dawalibi wrote:
>Invalid DNS queries : non-existent domains that do not resolve to any
>IP as mentioned in the below example.

you should better not use this definition.

>We are trying to protect our DNS servers from a number of invalid dns
>queries targeting our caching server and originated from different
>source IPs. Is there any way to drop these requests based on the
>Query Access list from the DNS configuration file (named.conf)?

you can NOT know if a hostname exists before you try to resolve it. After
that, you can't block it anymore.

do you allow recursion for remote clients? (recursion and allow-recursion
statements)
Do you allow DNS access from remote clients? (allow-query statement)

Perhaps denying remote clients from even accessing your caching server would
help you with this problem.

--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!
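
An added example, not part of the thread or of either poster's configuration: a named.conf fragment that limits a caching server to known clients, which is the restriction the reply above asks about. The ACL name `trusted` and the 192.0.2.0/24 and 198.51.100.0/24 networks are placeholders.

```conf
// Constructed example: the ACL name and the networks are placeholders.
acl trusted {
    localhost;
    localnets;
    192.0.2.0/24;      // placeholder client network
    198.51.100.0/24;   // placeholder client network
};

options {
    // Weak setting (open resolver): any source address can make the
    // cache resolve arbitrary names, including names that do not exist.
    //   allow-query     { any; };
    //   allow-recursion { any; };

    // Corrected setting: only known clients may query or recurse.
    recursion yes;
    allow-query       { trusted; };
    allow-recursion   { trusted; };
    allow-query-cache { trusted; };
};
```

Check the file with `named-checkconf` before reloading; sources outside the ACL are then answered with REFUSED instead of triggering a recursive lookup.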