On 03.08.10 18:01, Denis BUCHER wrote:
> I have a question, it's not really a big problem, but it's annoying.
>
> In the logs I get plenty of lines like:
>> client 202.152.172.4 query (cache) 'denkstelle.de/MX/IN' denied: 1 Time(s)
>> client 202.152.172.4 query (cache) 'denkstunde.de/MX/IN' denied: 2 Time(s)
>> client 202.152.172.4 query (cache) 'denktag.de/MX/IN' denied: 1 Time(s)
>> client 202.152.172.4 query (cache) 'denkweise-hosting.de/MX/IN' denied: 1 Time(s)
>> client 202.152.172.4 query (cache) 'denkwerk-berlin.de/MX/IN' denied: 2 Time(s)
>> client 202.152.172.4 query (cache) 'dj-falk.de/MX/IN' denied: 1 Time(s)
>> client 202.152.172.4 query (cache) 'dns01-tld.t-online.de/A/IN' denied: 1 Time(s)
>> client 202.152.172.4 query (cache) 'dns1.pro.vider.de/A/IN' denied: 1 Time(s)
>> client 202.152.172.4 query (cache) 'dns2.luact.de/A/IN' denied: 1 Time(s)
>> client 202.152.172.4 query (cache) 'dns6.pro.vider.de/A/IN' denied: 1 Time(s)
>> client 202.152.172.4 query (cache) 'docks10.rzone.de/A/IN' denied: 1 Time(s)
>> client 202.152.172.4 query (cache) 'docks18.rzone.de/A/IN' denied: 1 Time(s)
>> client 202.152.172.4 query (cache) 'docks19.rzone.de/A/IN' denied: 1 Time(s)
>> client 202.152.172.4 query (cache) 'docks20.rzone.de/A/IN' denied: 1 Time(s)
>> client 202.152.172.4 query (cache) 'f.nic.de/A/IN' denied: 1 Time(s)
>> client 202.152.172.4 query (cache) 'flashit.de/MX/IN' denied: 5 Time(s)
>
> This seems to be due to a script-kiddie.

I don't think so. It may be someone who used your server when connected to
your network and didn't change the resolvers list afterwards, someone who
mistyped an IP address, or someone who guessed that your server might provide
recursive DNS for him (for any reason).

> I would like to know if I can block hosts doing that at the level of
> /etc/hosts.allow or should I do it at the level of Bind itself ?

hosts.allow is the configuration of the tcp wrappers library, which is NOT
used by bind nor by some other software.

For abusers sending too many requests I have created a special view containing
only the root zone with * pointing to the localhost address. While this is
quite BOFHish, it works.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."
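An added example, not part of the original message: a Python script that tallies denied recursive queries per client from log summaries in the format quoted above and emits a BIND `acl` block that the `match-clients` of a view like the one described in the reply could reference. The ACL name `abusers`, the threshold and the sample lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the summary format quoted in the message above.
# The fourth entry is wrapped before "Time(s)", as mail clients tend to do.
SAMPLE = """\
client 202.152.172.4 query (cache) 'denkstelle.de/MX/IN' denied: 1 Time(s)
client 202.152.172.4 query (cache) 'denkstunde.de/MX/IN' denied: 2 Time(s)
client 202.152.172.4 query (cache) 'flashit.de/MX/IN' denied: 5 Time(s)
client 192.0.2.10 query (cache) 'example.com/A/IN' denied: 1
Time(s)
client 2001:db8::53 query (cache) 'example.net/AAAA/IN' denied: 3 Time(s)
"""

# The queried name is chosen by the remote client, so it is matched but
# never copied into the generated configuration.
ENTRY = re.compile(
    r"client (?P<ip>[0-9A-Fa-f:.]+) query \(cache\) "
    r"'[^'\n]*' denied: (?P<count>\d+)\s+Time\(s\)"
)


def denied_per_client(text):
    """Sum the denied-query counts for each client address in the summary."""
    totals = Counter()
    for m in ENTRY.finditer(text):
        try:
            ip = ipaddress.ip_address(m["ip"])  # rejects malformed addresses
        except ValueError:
            continue
        totals[str(ip)] += int(m["count"])
    return totals


def abusers_acl(totals, threshold, name="abusers"):
    """Render a named.conf acl listing clients at or above the threshold."""
    hits = sorted(ip for ip, n in totals.items() if n >= threshold)
    body = "".join(f"    {ip};\n" for ip in hits)
    return f'acl "{name}" {{\n{body}}};\n'


if __name__ == "__main__":
    print(abusers_acl(denied_per_client(SAMPLE), threshold=3))
```

Source addresses of UDP queries can be forged, so an address listed here may belong to a spoofed third party rather than the sender; review the list before loading it into named.conf.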