blocking queries
Kevin Darcy
kcd at daimlerchrysler.com
Mon Dec 13 22:34:10 UTC 1999
What do you mean by "block"? There's nothing in named -- other than of
course limiting the addresses and/or ports that it listens on -- that
can stop query packets coming to its port, but other tools (tcpwrap,
perhaps?), as well as network hardware like routers, can do filtering
based on source address/destination port combinations.
If it is sufficient to simply not respond to queries from a particular
IP address, you can use the "blackhole" option. A less drastic
alternative is to disallow recursion for the specified client, via the
allow-recursion ACL, but in that case you'll still answer from
authoritative or cached data so I find this is to be of limited
usefulness.
- Kevin
Andrew wrote:
> Is there a directive I can put somewhere to block
> queries from a specific IP address?
>
> Andrew
More information about the bind-users
mailing list