DNS Server

Agarwal Vivek-RNGB36 RNGB36 at motorola.com
Wed Oct 7 13:52:12 UTC 2009


Thanks Yohann 

Regards
Vivek Aggarwal
+973-36583058 



-----Original Message-----
From: Yohann LEPAGE [mailto:yohann.lepage at laposte.fr] 
Sent: Wednesday, October 07, 2009 4:52 PM
To: Agarwal Vivek-RNGB36
Cc: bind-users at lists.isc.org
Subject: Re: DNS Server

Agarwal Vivek-RNGB36 wrote:
> Thanks for the response. I am using a Linux box. The issue is that the
> list for blocking the DNS servers is huge. Do you have much idea on the
> bind directive?
> 
> Can anyone help me with the bind directive? I've never used it.

There is an example here [0], "7.1 Access Control Lists":


// Set up an ACL named "bogusnets" that will block RFC1918 space,
// which is commonly used in spoofing attacks.
acl bogusnets {
    0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 192.0.2.0/24; 224.0.0.0/3;
    10.0.0.0/8;
};
// Set up an ACL called our-nets. Replace this with the real IP numbers.
acl our-nets { x.x.x.x/24; x.x.x.x/21; };
options {
    ...
    ...
    allow-query { our-nets; };
    allow-recursion { our-nets; };
    ...
    blackhole { bogusnets; };
    ...
};
zone "example.com" {
    type master;
    file "m/example.com";
    allow-query { any; };
};



[0] : https://www.isc.org/files/Bv9.3ARM.pdf


> Thanks
> 
> Regards
> Vivek Aggarwal
> +973-36583058
> 
> 
> 
> -----Original Message-----
> From: Todd Snyder [mailto:tsnyder at rim.com]
> Sent: Wednesday, October 07, 2009 4:38 PM
> To: Agarwal Vivek-RNGB36; bind-users at lists.isc.org
> Subject: RE: DNS Server
> 
> There are a few approaches you could take, and it depends on what you are trying to do.
> 
> If you are actually trying to block traffic to a specific server/servers, I'd say use a firewall. If you're running on a Linux box, it's pretty easy:
> 
> http://www.cyberciti.biz/faq/howto-null-route-an-attackers-ip/
> 
> Failing that, I believe there is a bind directive (blackhole) that might do what you want, but I've never looked into it.
> 
> Finally, if you are simply trying to block certain domains, you could load them as master zones on your server and leave them blank.
> 
> Cheers,
> 
> Todd.
> 
> 
> 
> -----Original Message-----
> From: bind-users-bounces at lists.isc.org 
> [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Agarwal 
> Vivek-RNGB36
> Sent: Wednesday, October 07, 2009 8:46 AM
> To: bind-users at lists.isc.org
> Subject: DNS Server
> 
> Hi All
> 
> I'm using BIND 9.3. I have been asked to block the responses from
> some of the DNS servers on the internet. Is there any way I can do
> that?
> 
> Regards
> Vivek Aggarwal
> +973-36583058
> 
> 
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

--
La Poste\DISIT\ETU\IQI\INGS
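
Added example, not part of the original messages or of the BIND ARM: because the list of servers to block is described as huge, one way to maintain it is to generate the ACL from a plain text list, pull the generated file into named.conf with an include statement, and reference the ACL from blackhole as in the quoted example. The ACL name blocked-servers, the one-entry-per-line input format and the sample addresses (documentation ranges) are assumptions.

```python
import ipaddress

# Constructed sample input: one address or CIDR per line, '#' starts a comment.
# Documentation ranges (RFC 5737) stand in for the real servers.
SAMPLE_BLOCKLIST = """\
# resolvers we must not talk to
192.0.2.10
192.0.2.11
198.51.100.0/25
198.51.100.128/25
203.0.113.7   # trailing comment
203.0.113.7
not-an-address
"""

def parse_blocklist(text):
    """Return (networks, rejected) where rejected holds (line number, entry)."""
    networks, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=True rejects CIDRs with host bits set, e.g. 10.0.0.1/8,
            # which usually indicates a typo in the list.
            networks.append(ipaddress.ip_network(entry, strict=True))
        except ValueError:
            rejected.append((lineno, entry))
    return networks, rejected

def render_acl(name, networks):
    """Render a named.conf acl statement, merging duplicates and adjacent ranges."""
    merged = []
    for version in (4, 6):  # collapse_addresses cannot mix IPv4 and IPv6
        same = [n for n in networks if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    lines = ["acl %s {" % name]
    for net in merged:
        # A single host is written as a bare address rather than /32 or /128.
        text = str(net.network_address) if net.num_addresses == 1 else str(net)
        lines.append("    %s;" % text)
    lines.append("};")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    nets, bad = parse_blocklist(SAMPLE_BLOCKLIST)
    for lineno, entry in bad:
        print("skipped line %d: %r" % (lineno, entry))
    print(render_acl("blocked-servers", nets), end="")
```

Running named-checkconf on the resulting configuration before reloading catches a malformed generated file.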


