Denial of Service

Nick Allum Nick.Allum at
Mon Feb 26 14:41:12 UTC 2007

Thanks for all the responses,

Does someone have an example with the syntax for the blackhole command.
Would the following work

Would I just need to add the following on my bind 9.2.3 configuration as
an example.

Blackhole {;;;}


-----Original Message-----
From: bind-users-bounce at [mailto:bind-users-bounce at] On
Behalf Of Barry Margolin
Sent: Friday, February 23, 2007 10:25 PM
To: comp-protocols-dns-bind at
Subject: Re: Denial of Service

In article <ernk1c$1tcf$1 at>,
 "Nick Allum" <Nick.Allum at> wrote:

> Just had a quick question, at the Bind Level, if there was a possible 
> Denial of Service coming from only a handful of ip address, would I be

> able just to use an ACL to deny these or will my servers still be 
> flooded as it has to process the ACL? Of what would be the quickest 
> and easiest way to reduce the effect of some type of Denial of Service

> where I am getting large quantaties of requests from the same group of

> IPS.

As others have pointed out, it would be better to filter them upstream.

Next best might be your OS's packet filtering.  But filtering in BIND 
would be better than nothing, since it takes less work to check an 
against a filter than to actually perform the DNS processing, so the 
backlog will be smaller.

Barry Margolin, barmar at
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***

More information about the bind-users mailing list