Here is something I put together to block some malicious SERVFAILs we have been seeing coming from exploited customers. Currently geared towards BIND but could be easily adapted to work with other DNS servers.

Basically it listens on the interface for SERVFAIL traffic matching against a pattern. Once it hits a definable threshold it will add them to a zone file to be blocked. You could collect stats from this if you like and add to firewalls or notify your customers, etc.

https://github.com/willt/dnsbff

Let me know what you think.

Thanks,
William

_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
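The counting-and-threshold logic described above, as an added illustration that is not code from dnsbff: it decodes the RCODE and QNAME from raw DNS responses, counts SERVFAILs per name that match a pattern, and emits BIND RPZ-style `CNAME .` records once a name crosses the threshold (the RPZ record form and the sample packets are assumptions, constructed here).

```python
import re
import struct
from collections import Counter

SERVFAIL = 2  # DNS RCODE value for SERVFAIL

def parse_response(pkt):
    """Return (rcode, qname) from a raw DNS message: 12-byte header + first question."""
    _txid, flags, _qdcount = struct.unpack("!HHH", pkt[:6])
    rcode = flags & 0x000F
    labels, off = [], 12
    while pkt[off] != 0:            # walk the uncompressed question name
        length = pkt[off]
        labels.append(pkt[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    return rcode, ".".join(labels).lower()

def build_response(qname, rcode):
    """Construct a minimal DNS response carrying the given RCODE (sample input only)."""
    flags = 0x8180 | rcode          # QR=1, RD=1, RA=1, RCODE in the low nibble
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split(".")) + b"\x00"
    return header + name + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN

class ServfailTracker:
    """Count SERVFAIL responses per query name and block names that cross a threshold."""
    def __init__(self, threshold, pattern):
        self.threshold = threshold
        self.pattern = re.compile(pattern)
        self.counts = Counter()
        self.blocked = set()

    def observe(self, pkt):
        rcode, qname = parse_response(pkt)
        if rcode != SERVFAIL or not self.pattern.search(qname):
            return
        self.counts[qname] += 1
        if self.counts[qname] >= self.threshold:
            self.blocked.add(qname)

    def zone_records(self):
        # RPZ convention (assumed here): "name CNAME ." rewrites the answer to NXDOMAIN
        return sorted(f"{q} CNAME ." for q in self.blocked)
```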