Denial of Service

Nick Allum Nick.Allum at rci.rogers.com
Mon Feb 26 14:41:12 UTC 2007


Thanks for all the responses,

Does someone have an example with the syntax for the blackhole command?
Would the following work?

Would I just need to add the following to my BIND 9.2.3 configuration, as
an example?

options {
        // blackhole is an options statement; each element and the list
        // itself end with a semicolon. Queries from these addresses are
        // dropped without any response.
        blackhole {
                142.146.10.10;
                142.135.34.45;
                142.146.89.0/24;
                // 142.146.99.0/16 has host bits set; the /16 network is 142.146.0.0/16
                142.146.99.0/16;
        };
};

Thanks


-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of Barry Margolin
Sent: Friday, February 23, 2007 10:25 PM
To: comp-protocols-dns-bind at isc.org
Subject: Re: Denial of Service


In article <ernk1c$1tcf$1 at sf1.isc.org>,
 "Nick Allum" <Nick.Allum at rci.rogers.com> wrote:

> Just had a quick question, at the BIND level, if there was a possible
> Denial of Service coming from only a handful of IP addresses, would I be
> able just to use an ACL to deny these or will my servers still be
> flooded as it has to process the ACL? Or what would be the quickest
> and easiest way to reduce the effect of some type of Denial of Service
> where I am getting large quantities of requests from the same group of
> IPs.

As others have pointed out, it would be better to filter them upstream.

Next best might be your OS's packet filtering.  But filtering in BIND
would be better than nothing, since it takes less work to check an
address against a filter than to actually perform the DNS processing, so
the backlog will be smaller.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
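The workflow the thread describes (find the handful of source addresses sending the bulk of the queries, then drop them with BIND's blackhole list) as an added example; this is not code from either poster. It assumes the BIND 9 query-log line shape "client IP#port: query: ...", and the log lines below are constructed, not taken from the thread.

```shell
#!/bin/sh
# Constructed sample of BIND 9 query-log lines (not from the original thread).
SAMPLE_LOG='26-Feb-2007 14:41:12.001 client 142.146.10.10#53421: query: example.com IN A
26-Feb-2007 14:41:12.002 client 142.146.10.10#53422: query: example.com IN A
26-Feb-2007 14:41:12.003 client 192.0.2.7#1053: query: www.example.net IN A
26-Feb-2007 14:41:12.004 client 142.135.34.45#40001: query: example.com IN MX
26-Feb-2007 14:41:12.005 client 142.146.10.10#53423: query: example.com IN A
26-Feb-2007 14:41:12.006 client 142.135.34.45#40002: query: example.com IN MX
26-Feb-2007 14:41:12.007 client 198.51.100.9#2222: query: ftp.example.org IN A
26-Feb-2007 14:41:12.008 client 142.135.34.45#40003: query: example.com IN MX
26-Feb-2007 14:41:12.009 client 142.146.10.10#53424: query: example.com IN A'

# top_sources LOGFILE THRESHOLD
# Counts queries per client address and prints "count address" for every
# address at or above THRESHOLD, busiest first.
top_sources() {
    awk -v thr="$2" '
        # field 4 looks like "142.146.10.10#53421:"; keep only the address
        /client [0-9.]+#[0-9]+: query:/ {
            split($4, a, "#"); n[a[1]]++
        }
        END { for (ip in n) if (n[ip] >= thr) printf "%d %s\n", n[ip], ip }
    ' "$1" | sort -rn
}

# blackhole_stanza LOGFILE THRESHOLD
# Turns the offending addresses into a named.conf blackhole statement
# (to be placed inside options { ... }) with the semicolons BIND requires.
blackhole_stanza() {
    list=$(top_sources "$1" "$2" | awk '{ printf "%s; ", $2 }')
    printf 'blackhole { %s};\n' "$list"
}

# Stand-alone run: write the sample to a temp file and report sources
# with three or more queries.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_LOG" > "$tmp"
    top_sources "$tmp" 3
    blackhole_stanza "$tmp" 3
    rm -f "$tmp"
fi
```

Review the list before pasting it into named.conf; a threshold that is too low would blackhole a busy but legitimate resolver.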
