On 1/19/15 9:14 AM, Daniel Dawalibi wrote:
> Invalid DNS queries : non-existent domains that do not resolve to any
> IP as mentioned in the below example. We are trying to protect our
> DNS servers from a number of invalid dns queries targeting our
> caching server and originated from different source IPs. Is there any
> way to drop these requests based on the Query Access list from the
> DNS configuration file (named.conf)?

Those aren't "invalid DNS queries", they are queries that return an NXDOMAIN response. Quite different and completely legal (and required) to have DNS work correctly.

Are these queries coming from inside your network? If so, find the machines that are generating them (assuming they are actually in massive numbers) and fix the problem. If they are coming from outside your network, create ACLs that restrict queries to only your clients and ... voila, problem solved.

AlanC
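
One way to write the ACL restriction suggested in the reply above, as an added example that is not part of the original thread. The ACL name `clients` and the address ranges are placeholders (assumptions), to be replaced with the networks the caching server is meant to serve.

```conf
// Added example: named.conf fragment for a caching resolver.
// The ACL name and the address ranges below are placeholders (assumptions).
acl "clients" {
    localhost;
    localnets;
    192.0.2.0/24;     // placeholder IPv4 client range (documentation prefix)
    2001:db8::/32;    // placeholder IPv6 client range (documentation prefix)
};

options {
    recursion yes;

    // Only sources matching the ACL may query, recurse, or read the cache.
    // Everyone else receives a REFUSED response; named does not do any
    // recursive work on their behalf, so no NXDOMAIN lookups are triggered.
    allow-query       { "clients"; };
    allow-recursion   { "clients"; };
    allow-query-cache { "clients"; };
};
```

Run `named-checkconf` on the edited file before reloading named. Note that these options refuse out-of-ACL queries rather than silently dropping them, so the server still sends a small REFUSED reply to each one.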