DNS Sinkhole in BIND
bind at jubileegroup.co.uk
Thu Oct 27 15:56:44 UTC 2011
On Thu, 27 Oct 2011 Michelle Konzack wrote:
> On 2011-10-17 13:28:43, you hacked out the following:
> > ... I found that setting up iptables to do drops for known bad
> > IPs/ranges was slightly better as the traffic never gets to BIND
> > ...
> > Example rules for various IPs that have annoyed me in the past:
> > -A RH-Firewall-1-INPUT -s 184.108.40.206 -j DROP
> > -A RH-Firewall-1-INPUT -s 220.127.116.11 -j DROP
> > -A RH-Firewall-1-INPUT -s 18.104.22.168 -j DROP
> > -A RH-Firewall-1-INPUT -s 22.214.171.124 -j DROP
> > -A RH-Firewall-1-INPUT -s 126.96.36.199 -j DROP
> ...and you get hell on your ass if you have several thousand of them!
> In this case, bind9 with RPZ is cheaper.
Maybe look at ipsets. Currently we firewall almost 76,000 networks.
[root at mail3 ~]# ipset -L | grep -v BLOCK | wc -l
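The ipset approach suggested above, as an added example that is not part of the original thread: a POSIX sh helper that turns a plain list of networks into `ipset restore` input (one bulk load instead of thousands of individual rules) plus the single iptables rule that matches against the set. The set name BLOCK (from the grep in the message) and the chain name RH-Firewall-1-INPUT (from the quoted rules) are assumed; the sample networks are constructed from RFC 5737 documentation ranges.

```shell
#!/bin/sh
# Added example, not from the thread: load a large block list into one ipset
# so iptables needs a single rule instead of one DROP rule per network.
# Assumed names: set "BLOCK" and chain "RH-Firewall-1-INPUT".

# Print `ipset restore` input for set $1 from the CIDR list in file $2.
# Blank lines and # comments are skipped, duplicates collapse, and a
# malformed entry fails the run instead of silently shrinking the list.
build_ipset_restore() {
    awk -v set="$1" '
        function valid_cidr(s,   a, o, n, i) {
            n = split(s, a, "/")
            if (n > 2 || split(a[1], o, ".") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
            return n == 1 || (a[2] ~ /^[0-9]+$/ && a[2] + 0 <= 32)
        }
        BEGIN { print "create " set " hash:net family inet hashsize 65536 maxelem 262144" }
        { sub(/#.*$/, ""); gsub(/[ \t\r]/, "") }   # strip comments and whitespace
        $0 == "" { next }
        !valid_cidr($0) { print "bad entry on line " NR ": " $0 > "/dev/stderr"; exit 1 }
        !seen[$0]++ { print "add " set " " $0 }   # hash:net stores hosts as /32
    ' "$2"
}

# The one iptables rule (set $1, chain $2) replacing thousands of per-IP rules.
block_rule() {
    printf '%s %s -m set --match-set %s src -j DROP\n' -A "$2" "$1"
}

# Constructed sample list with a comment, a blank line and a duplicate
# to exercise the filtering.
LIST=$(mktemp)
printf '%s\n' '# annoying networks' '192.0.2.0/24' '' \
    '198.51.100.7   # single host' '203.0.113.0/25' '192.0.2.0/24' > "$LIST"

build_ipset_restore BLOCK "$LIST"        # load with: ... | ipset -exist restore
block_rule BLOCK RH-Firewall-1-INPUT     # add once with iptables / iptables-restore
rm -f "$LIST"
```

Because a host without a prefix is stored as /32 inside a hash:net set, the same set holds both the single addresses from the quoted rules and whole ranges, and membership lookup cost does not grow with the number of entries the way a linear chain of DROP rules does.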