DNS Sinkhole in BIND

G.W. Haywood bind at jubileegroup.co.uk
Thu Oct 27 15:56:44 UTC 2011


Hi there,

On Thu, 27 Oct 2011 Michelle Konzack wrote:

> On 2011-10-17 13:28:43, you hacked the following down:
>
> > ... I found that setting up iptables to do drops for known bad
> > IPs/ranges was slightly better as the traffic never gets to BIND
> > ...
> > Example rules for various IPs that have annoyed me in the past:
> > -A RH-Firewall-1-INPUT -s 68.222.240.22 -j DROP
> > -A RH-Firewall-1-INPUT -s 203.142.82.222 -j DROP
> > -A RH-Firewall-1-INPUT -s 217.54.97.137 -j DROP
> > -A RH-Firewall-1-INPUT -s 217.219.20.226 -j DROP
> > -A RH-Firewall-1-INPUT -s 218.212.248.7 -j DROP
>
> ...and you get the hell on your ass if you have several 1000 of them!
> In this case, bind9 with RPZ is cheaper.

Maybe look at ipsets.  Currently we firewall almost 76,000 networks.

[root at mail3 ~]# ipset -L | grep -v BLOCK | wc -l
  75845
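As an added example (not Ged's or the list's own code), here is how a blocklist like the one quoted above can be turned into one ipset and matched by a single iptables rule instead of one DROP rule per address; the function names, the set name BLOCK and the sample list file are constructed for the example (the 192.0.2.0/24 entry is a documentation range, not from the thread).

```shell
#!/bin/sh
# Turn a plain blocklist (one IPv4 address or CIDR per line, "#" comments and
# blank lines allowed) into an "ipset restore" batch. The whole list then hangs
# off ONE iptables rule instead of one -j DROP rule per address.
# Function names, the set name BLOCK and the sample list are constructed here.

# Print the entries of list file $1 with comment and blank lines stripped.
list_entries() {
    grep -Ev '^[[:space:]]*(#|$)' "$1"
}

# Emit the restore batch for set $1 from list file $2.
# hash:net is used so single hosts (/32) and whole ranges fit in one set;
# maxelem is sized from the list because the default (65536) is smaller than
# the ~76,000 networks mentioned in the thread and "add" fails once it is hit.
build_ipset_batch() {
    set_name=$1
    list_file=$2
    n=$(list_entries "$list_file" | wc -l | tr -d ' ')
    maxelem=$(( n * 2 < 65536 ? 65536 : n * 2 ))
    printf 'create %s hash:net family inet hashsize 65536 maxelem %s\n' \
        "$set_name" "$maxelem"
    list_entries "$list_file" | while read -r net _; do
        case $net in
            */*) printf 'add %s %s\n' "$set_name" "$net" ;;
            *)   printf 'add %s %s/32\n' "$set_name" "$net" ;;   # bare host
        esac
    done
}

# Write a small constructed blocklist to file $1: the hosts quoted in the
# thread plus one documentation range (192.0.2.0/24), a comment and a blank.
write_sample_list() {
    cat > "$1" <<'EOF'
# hosts that "annoyed me in the past" (from the quoted message)
68.222.240.22
203.142.82.222
217.54.97.137

217.219.20.226
218.212.248.7
192.0.2.0/24   # a whole network, constructed for the example
EOF
}
# Apply (as root):
#   build_ipset_batch BLOCK blocklist.txt | ipset -exist restore
#   iptables -I INPUT 1 -m set --match-set BLOCK src -j DROP
```

Re-running the restore only adds entries; to drop addresses that have left the list, restore into a second set and `ipset swap` it in, so the single iptables rule never has to change.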

--

73,
Ged.
