reject invalid dns queries

Matus UHLAR - fantomas uhlar at fantomas.sk
Tue Jan 20 10:11:37 UTC 2015


On 20.01.15 10:53, Daniel Dawalibi wrote:
>Allow-query is only allowed for specified IP defined in the allow-query
>statement.

so, what exactly do the errors in the log look like?
Maybe you need to disallow queries at firewall level...

>On 19.01.15 16:14, Daniel Dawalibi wrote:
>>Invalid DNS queries : non-existent domains that do not resolve to any
>>IP as mentioned in the below example.
>
>you should better not use this definition.
>
>>We are trying to protect our DNS servers from a number of invalid dns
>>queries targeting our caching server and originated from different
>>source IPs. Is there any way to drop these requests based on the
>>Query Access list from the DNS configuration file (named.conf)?
>
>you can NOT know if a hostname exists before you try to resolve it. After
>that, you can't block it anymore.
>
>do you allow recursion for remote clients? (recursion and allow-recursion
>statements)
>Do you allow DNS access from remote clients? (allow-query statement)
>
>Perhaps denying remote clients from even accessing your caching server would
>help you with this problem.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
REALITY.SYS corrupted. Press any key to reboot Universe.
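
The statements named in this message (recursion, allow-recursion, allow-query), shown as an added named.conf example that is not part of the original post or of the BIND distribution. The ACL name "trusted" and the address ranges are assumptions (documentation ranges used as placeholders).

```conf
// Constructed example: replace the placeholder networks with your own clients.
acl trusted {
    127.0.0.0/8;
    ::1;
    192.0.2.0/24;       // placeholder, RFC 5737 documentation range
    2001:db8::/32;      // placeholder, RFC 3849 documentation range
};

options {
    // Weak setting for a caching server reachable from the Internet:
    //   allow-query     { any; };
    //   allow-recursion { any; };
    // Any source address can then make the server recurse for any name.

    // Restricted setting: only the listed clients may query and recurse.
    recursion yes;
    allow-query       { trusted; };
    allow-recursion   { trusted; };
    allow-query-cache { trusted; };

    // Clients outside the ACL still receive a REFUSED answer from named.
    // Dropping their packets without any reply is done at the firewall,
    // as suggested in the message above.
};
```

Run `named-checkconf` on the edited file before reloading the server.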


More information about the bind-users mailing list