allow-query for non authoritative zones

Seme, Markus markus.seme at bearingpoint.com
Wed Aug 20 14:47:19 UTC 2003


Hi,
i want block queries from several, different Source-IP's (spoofed) to
the same domain ( DOS ).
The domain is not under my authorization - for example microsoft.com
!?

It's easy to konfigure BIND9 with acl and allow-query for local zones
( in my authorization ) - for example:

zone "local.com" {
	type master;
	file "local.com.zone";
	allow-query { none; };
};

But i haven't any idea how i should configure it to block the queries
for an domain who is not under my authorization !

Or is there any other way to block such DOS ?

Thanx ,

Markus





More information about the bind-users mailing list