That being said, you CAN do what you asked. Create an ACL in named.conf:

    # Blackhats ACL - zones to be used in blackhole statement - will prevent
    # them from being allowed to query and will not respond to them.
    acl "blackhats" { xx.xx.xx.xx; };

(Where you put the specific IP in place of the xx.xx.xx.xx.)

Then in the options section add a line to use the ACL:

    blackhole { blackhats; };

-----Original Message-----
From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Eric C. Davis
Sent: Thursday, February 26, 2009 11:24 AM
To: prana9...@yahoo.com
Cc: bind-users@lists.isc.org
Subject: Re: Deny query from a single IP

It is better to do this with a real IPS rather than use your DNS server to do this. You should avoid having any unwanted traffic hit your DNS servers ever.

Eric

Prabhat Rana wrote:
> Hello,
> I have BIND 9.5 running on a Solaris 10 box. It provides recursive DNS service. I'm trying to implement a script where it reads the BIND stats file for all the incoming queries and, if there are too many queries from a single user (source IP), it will block queries from that particular IP. In order for this to occur, is there a parameter similar to allow-query that I can inject into the named.conf to block queries from a single IP address when this condition occurs? Basically I'm trying to add a tool to detect potential DOS attacks where we see too many queries from one single IP. Any other suggestions would also be appreciated.
>
> Thanks
> Prabhat.

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
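An added example of the script Prabhat describes, wired to the acl/blackhole answer above; it is not code from the thread or from ISC. One correction to the premise: the BIND statistics file written by `rndc stats` holds only aggregate counters, not per-client data, so the script reads query-log lines instead (it assumes query logging is on, e.g. `querylog yes;` in options). The log lines, the threshold, the ACL name `blackhats` and the `NEVER_BLOCK` addresses are constructed for the example. Two caveats a practitioner should keep in mind: `blackhole` also stops named from sending queries to the listed addresses, so forwarders and your own resolvers must never land in the ACL; and since UDP source addresses are spoofable, a per-source threshold can be tripped deliberately to get a legitimate client blocked, which is part of why the IPS suggestion in the thread is not a bad one.

```python
"""Count BIND queries per client address from query-log lines and emit an
ACL of addresses over a threshold, suitable for `blackhole { blackhats; };`.

Added example, not from the bind-users thread. Assumes query logging is
enabled; BIND's statistics file only holds aggregate counters, not
per-client counts, so the query log is the source here.
"""
import re
from collections import Counter

# Matches the client address in BIND query-log lines. Handles the 9.x
# layout "client 192.0.2.10#53421:" and the later "client @0x... 192.0.2.10#53421"
# form; the source port and anything after it are ignored.
CLIENT_RE = re.compile(r"\bclient (?:@0x[0-9a-fA-F]+ )?([0-9a-fA-F.:]+)#\d+")

# Constructed sample log lines (not real data); 203.0.113.7 is the noisy one.
SAMPLE_LOG = """\
26-Feb-2009 11:20:01.101 client 192.0.2.10#53421: query: www.example.com IN A + (198.51.100.1)
26-Feb-2009 11:20:01.250 client 192.0.2.11#40001: query: mail.example.com IN MX + (198.51.100.1)
26-Feb-2009 11:20:01.301 client 203.0.113.7#1024: query: a1.example.net IN A + (198.51.100.1)
26-Feb-2009 11:20:01.302 client 203.0.113.7#1025: query: a2.example.net IN A + (198.51.100.1)
26-Feb-2009 11:20:01.303 client 203.0.113.7#1026: query: a3.example.net IN A + (198.51.100.1)
26-Feb-2009 11:20:01.304 client 203.0.113.7#1027: query: a4.example.net IN A + (198.51.100.1)
26-Feb-2009 11:20:01.305 client 2001:db8::5#5353: query: www.example.com IN AAAA + (2001:db8:1::1)
26-Feb-2009 11:20:01.400 client 192.0.2.10#53422: query: www.example.org IN A + (198.51.100.1)
"""

# Addresses that must never be blackholed: blackhole also stops named from
# *sending* queries to them, so forwarders and the resolver's own addresses
# belong here. Hypothetical values for the example.
NEVER_BLOCK = {"127.0.0.1", "::1", "198.51.100.1", "198.51.100.2"}


def count_clients(log_text):
    """Return a Counter of queries per source address found in the log text."""
    counts = Counter()
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def offenders(counts, threshold, never_block=NEVER_BLOCK):
    """Addresses with more than `threshold` queries, minus the never-block set, sorted."""
    return sorted(a for a, n in counts.items() if n > threshold and a not in never_block)


def render_acl(addrs, name="blackhats"):
    """Render a named.conf ACL. Write it to a file that named.conf `include`s
    and reference it with `blackhole { <name>; };` in options. An empty list is
    rendered as `none;` so the file always parses."""
    body = "".join(f"    {a};\n" for a in addrs) if addrs else "    none;\n"
    return f'acl "{name}" {{\n{body}}};\n'


if __name__ == "__main__":
    counts = count_clients(SAMPLE_LOG)
    bad = offenders(counts, threshold=3)
    print(render_acl(bad))  # write to the included file, then: rndc reconfig
```

The threshold is applied to whatever window of log lines you feed in, so run it over a rotated slice (the last minute, say) rather than a whole day's log, and keep the allow-list in step with your forwarders. After rewriting the included file, `rndc reconfig` makes named pick up the new ACL without a full reload.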