DNS Sinkhole in BIND
Michelle Konzack
linux4michelle at tamay-dogan.net
Thu Oct 27 01:00:48 UTC 2011
Hello Lightner, Jeff,
Am 2011-10-17 13:28:43, hacktest Du folgendes herunter:
> While setting up blackholes in BIND works fine when I did this on
> Linux I found that setting up iptables to do drops for known bad
> IPs/ranges was slightly better as the traffic never gets to BIND in
> the first place as it is stopped at kernel level. It simply DROPs the
> packet without telling the bad guys why packets didn't go through.
>
> Example rules for various IPs that have annoyed me in the past:
> -A RH-Firewall-1-INPUT -s 68.222.240.22 -j DROP
> -A RH-Firewall-1-INPUT -s 203.142.82.222 -j DROP
> -A RH-Firewall-1-INPUT -s 217.54.97.137 -j DROP
> -A RH-Firewall-1-INPUT -s 217.219.20.226 -j DROP
> -A RH-Firewall-1-INPUT -s 218.212.248.7 -j DROP
...and you get the hell on you ass if you have several 1000 of them!
In this case, bind9 with RPZ is cheaper.
Thanks, Greetings and nice Day/Evening
Michelle Konzack
--
##################### Debian GNU/Linux Consultant ######################
Development of Intranet and Embedded Systems with Debian GNU/Linux
Internet Service Provider, Cloud Computing
<http://www.itsystems.tamay-dogan.net/>
itsystems at tdnet Jabber linux4michelle at jabber.ccc.de
Owner Michelle Konzack
Gewerbe Strasse 3 Tel office: +49-176-86004575
77694 Kehl Tel mobil: +49-177-9351947
Germany Tel mobil: +33-6-61925193 (France)
USt-ID: DE 278 049 239
Linux-User #280138 with the Linux Counter, http://counter.li.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.pgp
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20111027/b0658d21/attachment.bin>
More information about the bind-users
mailing list