In message <232b45f8-acd3-427a-95e9-bc3ca5fc9...@newgeo.com>, Scott Haneda writ
es:
> Hello, looking at my logs today, I am getting hammered with these:
> 20-Jan-2009 15:39:06.284 security: info: client 66.230.160.1#48517:
> query (cache) './NS/IN' denied
> 20-Jan-2009 15:39:06.790 security: info: client 66.230.128.15#31593:
> query (cache) './NS/IN' denied
>
> Repeated over and over, how do I tell what they are, and if they are
> bad, what is the best way to block them?
> --
> Scott
You should talk to your ISP to chase the traffic back to
its source and get BCP 38 implemented there. BCP 38 is ~10
years old now. There is no excuse for not filtering spoofed
traffic.
If the source doesn't want to implement BCP 38 then de-peering
the source should be considered.
Mark
http://www.ietf.org/rfc/rfc2267.txt January 1998
http://www.ietf.org/rfc/rfc2827.txt May 2000 (BCP 38)
http://www.ietf.org/rfc/rfc3704.txt March 2004 (BCP 84)
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
