Exceeding recursive client limit

Brad Knowles brad at stop.mail-abuse.org
Mon Jun 13 22:16:41 UTC 2005

At 2:52 PM -0400 2005-06-13, Rich Parkin wrote:

>  The offending IP is requesting the same domains over and over and over.  I =
>  assume that our customer has an infected host that's making these requests =
>  and they're just merrily forwarding them all my way.  Does anyone have any =
>  strategies for dealing with this?  Or am I just hosed and need to deny =
>  requests from the customer causing the issue?

	Firewall off that IP address, and don't allow them to go anywhere 
-- not on your internal network, not to the outside world.  When 
someone calls up and complains, tell them that they have to fix that 
machine.  Inform them that the next time their machine goes whacko, 
you will charge them for each and every packet that they generate. 
Even if it's just a penny per packet, that could be a lot of money, 
and they'll be likely to pay better attention to their machines.

	But your first responsibility is to protect your machines and 
your network against excessive abuse, both from the outside world as 
well as from your own customers.

Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.

More information about the bind-users mailing list