Hello Invalid DNS queries : non-existent domains that do not resolve to any IP as mentioned in the below example. We are trying to protect our DNS servers from a number of invalid dns queries targeting our caching server and originated from different source IPs. Is there any way to drop these requests based on the Query Access list from the DNS configuration file (named.conf)?
Example: Default Server: google-public-dns-a.google.com Address: DNS IP > invaliddnsqueries.com Server: google-public-dns-a.google.com Address: 8.8.8.8 *** DNS IP can't find invaliddnsqueries.com: Non-existent domain DNS query logs: 19-Jan-2015 15:44:08.519 queries: client IP#49791 (invaliddnsqueries.com): view zones: query: invaliddnsqueries.com IN A + (DNS IP) 19-Jan-2015 15:45:00.214 queries: client IP#49791 (invaliddnsqueries.com): view zones: query: invaliddnsqueries.com IN A + (DNS IP) 19-Jan-2015 15:46:08.100 queries: client IP#49791 (invaliddnsqueries.com): view zones: query: invaliddnsqueries.com IN A + (DNS IP) Regards Daniel -----Original Message----- From: Warren Kumari [mailto:war...@kumari.net] Sent: Wednesday, January 14, 2015 11:31 PM To: Daniel Dawalibi Cc: bind-users@lists.isc.org Subject: Re: reject invalid dns queries Perhaps if you explained a little more clearly what you are trying to accomplish you might get more replies... What are "invalid DNS queries"? What are they in the configuration? On Wed, Jan 14, 2015 at 5:53 AM, Daniel Dawalibi <daniel.dawal...@idm.net.lb> wrote: > Hello, > > > > > > Is there any solution to drop the invalid DNS queries from the BIND > configuration? > > > > > > > > Regards > > Daniel > > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
