Catch All Server - Null MX Setup

Kevin Darcy kcd at daimlerchrysler.com
Fri Sep 30 23:57:53 UTC 2005


WiNNie wrote:

>The Name Servers are being used for a domain parking program, there is
>no email, so MX is of no use. My dedicated Name Servers are currently
>trying to cope with a throughput of 200-300k of data per second
>primarily on MX and AAAA record lookups, they are never followed up by
>an email or a visit to the relevant domain. It is basically an attack
>of some sort, so by shutting off the MX lookups I should be able to
>reduce the throughput, the AAAA lookups are a different case though as
>I can't simply shut them off.
>
Well, if they're not actually using the results of MX records for mail, 
and they're basically just attacking you, how does it help to give them 
bogus results? If it's a relatively small number of clients or client 
ranges that are doing this, you could block the queries with 
allow-query, which can be specified at a zone level, and will save you a 
little bandwidth since REFUSED packets are smaller than data-bearing 
packets, or if you want to just snub them for everything, use blackhole, 
which nixes all return traffic and saves you a bunchload of bandwidth...

                                                                         
                                                   - Kevin
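
The two options named in the reply above, shown in a named.conf fragment as an added example that is not part of the original post or of either poster's configuration. The ACL names, the zone name, the file name and the addresses (documentation ranges) are constructed assumptions.

```conf
// Constructed ACLs: sources that should get REFUSED, and sources
// that should get no answer at all.
acl "refuse-clients" {
    192.0.2.0/24;
    2001:db8:bad::/48;
};

acl "drop-clients" {
    198.51.100.0/24;
};

options {
    // blackhole is server-wide: queries from these sources are
    // dropped silently, so no return traffic is generated.
    blackhole { "drop-clients"; };
};

zone "parked.example" {
    type master;
    file "parked.example.zone";

    // allow-query at zone level: matching sources receive a small
    // REFUSED response instead of a data-bearing answer; the first
    // matching element wins, so the negation must precede "any".
    allow-query { !"refuse-clients"; any; };
};
```

Run named-checkconf on the file before reloading. From a source in "refuse-clients", dig should report status REFUSED for the zone; from a source in "drop-clients" the query should time out.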




More information about the bind-users mailing list