change in reverse dns lookup behavior
Barry Margolin
barmar at alum.mit.edu
Sat May 14 01:00:46 UTC 2005
In article <d62g9j$2485$1 at sf1.isc.org>,
"Stafford, Paige L." <staffordp1 at ornl.gov> wrote:
> 210.146.35.35 stepped through our entire 128.219/16 address space
> yesterday asking for reverse DNS lookups. It started at 16:06 and ended
> at 20:34. This is the equivalent of a zone transfer.=20
>
> I'm looking for a clever way of stopping this. And if we can't, we want
> to at least slow it down. Creating dummy records for the unused IP
> addresses has not been effective. =20
>
> *Any* ideas you have would be most welcome.
Maybe there's an IDS that recognizes this type of traffic. I can't
think of any way to solve it with any built-in BIND options.
P.S. What does this have to do with reverse DNS of 10.x.x.x? Please
don't hijack threads with unrelated questions.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
More information about the bind-users
mailing list