DNS Sinkhole in BIND

Lightner, Jeff JLightner at water.com
Thu Oct 27 13:24:17 UTC 2011


Rather a late response I think.

When I set up the rules I spoke about, RPZ was just a gleam in someone's eye.

My post discussed the relative merit of iptables vs. blackholes and didn't mention RPZ.  RPZ may be a better solution but it requires one to stop and upgrade BIND to get it.





-----Original Message-----
From: bind-users-bounces+jlightner=water.com at lists.isc.org [mailto:bind-users-bounces+jlightner=water.com at lists.isc.org] On Behalf Of Michelle Konzack
Sent: Wednesday, October 26, 2011 9:01 PM
To: bind-users at lists.isc.org
Subject: Re: DNS Sinkhole in BIND

Hello Lightner, Jeff,

On 2011-10-17 13:28:43, you hacked down the following:
> While setting up blackholes in BIND works fine, when I did this on
> Linux I found that setting up iptables to do drops for known bad
> IPs/ranges was slightly better, as the traffic never gets to BIND in
> the first place: it is stopped at kernel level.  It simply DROPs the
> packet without telling the bad guys why packets didn't go through.
>
> Example rules for various IPs that have annoyed me in the past:
> -A RH-Firewall-1-INPUT -s 68.222.240.22 -j DROP
> -A RH-Firewall-1-INPUT -s 203.142.82.222 -j DROP
> -A RH-Firewall-1-INPUT -s 217.54.97.137 -j DROP
> -A RH-Firewall-1-INPUT -s 217.219.20.226 -j DROP
> -A RH-Firewall-1-INPUT -s 218.212.248.7 -j DROP

...and you get hell on your ass if you have several thousand of them!
In this case, bind9 with RPZ is cheaper.

Thanks, Greetings and nice Day/Evening
    Michelle Konzack

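An added example, not code from either poster, showing the RPZ route Michelle points to: a small Python generator that turns the blocked client IPs from the quoted iptables rules (plus two made-up domains) into a BIND RPZ zone file. The zone name rpz.local, the domain names and the use of rpz-drop are assumptions; CLIENT-IP triggers and the rpz-drop action need BIND 9.10 or later, not the 2011 release this thread discusses.

```python
"""Generate a BIND RPZ zone from a blocklist of client IPs and domains."""
import ipaddress

# Constructed sample blocklist: the IPv4 addresses come from the quoted
# iptables rules above; the domains are made-up placeholders.
BAD_CLIENT_IPS = ["68.222.240.22", "203.142.82.222", "217.54.97.137/32", "217.219.20.0/24"]
BAD_DOMAINS = ["malware.example", "phish.example"]


def client_ip_rule(cidr):
    """Encode one IPv4 network as an RPZ CLIENT-IP trigger.

    Owner name format is prefixlen.B4.B3.B2.B1.rpz-client-ip (octets reversed).
    The action CNAME rpz-drop. silently discards the query, which is the RPZ
    analogue of iptables -j DROP (needs BIND 9.10+).
    """
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        raise ValueError("IPv4 only in this example")
    octets = str(net.network_address).split(".")
    owner = f"{net.prefixlen}." + ".".join(reversed(octets)) + ".rpz-client-ip"
    return f"{owner} CNAME rpz-drop."


def domain_rules(name):
    """QNAME trigger: CNAME . answers NXDOMAIN for the name and all subdomains."""
    name = name.rstrip(".")
    return [f"{name} CNAME .", f"*.{name} CNAME ."]


def build_rpz_zone(ips, domains, origin="rpz.local"):
    """Return the full zone text; SOA/NS are required by BIND even for RPZ."""
    lines = [
        f"$ORIGIN {origin}.",
        "$TTL 300",
        "@ SOA localhost. hostmaster.localhost. 1 3600 600 86400 300",
        "@ NS localhost.",
    ]
    lines.extend(client_ip_rule(cidr) for cidr in ips)
    for domain in domains:
        lines.extend(domain_rules(domain))
    return "\n".join(lines) + "\n"


# Assumed named.conf wiring for the generated file (not on the page):
#   options { response-policy { zone "rpz.local"; }; };
#   zone "rpz.local" { type master; file "rpz.local.zone"; };
if __name__ == "__main__":
    print(build_rpz_zone(BAD_CLIENT_IPS, BAD_DOMAINS))
```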



