DNS Sinkhole in BIND
JLightner at water.com
Thu Oct 27 13:24:17 UTC 2011
Rather a late response I think.
When I setup the rules I spoke about RPZ was just a gleam in someone's eyes.
My post discussed the relative merit of iptables vs. blackholes and didn't mention RPZ. RPZ may be a better solution but it requires one to stop and upgrade BIND to get it.
From: bind-users-bounces+jlightner=water.com at lists.isc.org [mailto:bind-users-bounces+jlightner=water.com at lists.isc.org] On Behalf Of Michelle Konzack
Sent: Wednesday, October 26, 2011 9:01 PM
To: bind-users at lists.isc.org
Subject: Re: DNS Sinkhole in BIND
Hello Lightner, Jeff,
Am 2011-10-17 13:28:43, hacktest Du folgendes herunter:
> While setting up blackholes in BIND works fine when I did this on
> Linux I found that setting up iptables to do drops for known bad
> IPs/ranges was slightly better as the traffic never gets to BIND in
> the first place as it is stopped at kernel level. It simply DROPs the
> packet without telling the bad guys why packets didn't go through.
> Example rules for various IPs that have annoyed me in the past:
> -A RH-Firewall-1-INPUT -s 188.8.131.52 -j DROP
> -A RH-Firewall-1-INPUT -s 184.108.40.206 -j DROP
> -A RH-Firewall-1-INPUT -s 220.127.116.11 -j DROP
> -A RH-Firewall-1-INPUT -s 18.104.22.168 -j DROP
> -A RH-Firewall-1-INPUT -s 22.214.171.124 -j DROP
...and you get the hell on you ass if you have several 1000 of them!
In this case, bind9 with RPZ is cheaper.
Thanks, Greetings and nice Day/Evening
##################### Debian GNU/Linux Consultant ######################
Development of Intranet and Embedded Systems with Debian GNU/Linux
Internet Service Provider, Cloud Computing
itsystems at tdnet Jabber linux4michelle at jabber.ccc.de
Owner Michelle Konzack
Gewerbe Strasse 3 Tel office: +49-176-86004575
77694 Kehl Tel mobil: +49-177-9351947
Germany Tel mobil: +33-6-61925193 (France)
USt-ID: DE 278 049 239
Linux-User #280138 with the Linux Counter, http://counter.li.org/
Athena(r), Created for the Cause(tm)
Making a Difference in the Fight Against Breast Cancer
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
More information about the bind-users