You can blacklist things in named.conf but we've found it more efficient to simply have iptables drop packets from the offending IPs so they never even get to BIND.
-----Original Message----- From: bind-users-bounces+jlightner=water....@lists.isc.org [mailto:bind-users-bounces+jlightner=water....@lists.isc.org] On Behalf Of Jeff Pang Sent: Wednesday, May 25, 2011 6:54 AM To: Niall O'Reilly Cc: bind-users Subject: Re: DNS attacking 2011/5/25 Niall O'Reilly <niall.orei...@ucd.ie>: > > > Which of your DNS systems: resolvers or authoritative? > > Where is the source of the attack: within your (or your > customers') networks, or out on the Internet? > Thanks. My nameservers are authoritative server only. -- Jeff Pang www.DNSbed.com _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users Proud partner. Susan G. Komen for the Cure. Please consider our environment before printing this e-mail or attachments. ---------------------------------- CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you. ---------------------------------- _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
