DNS/Bind Blackhole - Not MX
Enrico Weigelt
weigelt at metux.de
Mon Dec 26 05:50:06 UTC 2005
* Barry Margolin <barmar at alum.mit.edu> wrote:
<snip>
> I think it's usually used in response to special circumstances. For
> instance, if you discover that a server is trying to poison cache, or
> it's bombarding you with lots of inappropriate queries, you may want to
> blackhole it.
I personally would let the packet filter take care of them.
Simply drop DNS packets by the kernel instead of having bind
to worry about them.
cu
--
---------------------------------------------------------------------
Enrico Weigelt == metux IT service
phone: +49 36207 519931 www: http://www.metux.de/
fax: +49 36207 519932 email: contact at metux.de
---------------------------------------------------------------------
Realtime Forex/Stock Exchange trading powered by postgresSQL :))
http://www.fxignal.net/
---------------------------------------------------------------------
More information about the bind-users
mailing list