patch to 8.2.3-REL to deny queries w/o sending a refusal response
atatat at atatdot.net
Tue Feb 13 17:36:23 UTC 2001
>Is there any interest in this patch at all? Would you take it (in its
>final form, with documentation) for inclusion in the next release?
>What are other sites doing to combat this problem?
>The goal of the patch is to deal with one form of DOS assistance (when the
>queries are being denied) while still allowing normal DNS service (even to
>the victim host) to work. Of course the patch doesn't deal with the
>problem where the forged queries will actually be answered...
i'm just curious...how does this patch differ from taking the inverse
of your allow-query clauses and stuffing them into blackhole clauses?
or is it simply meant to be a nice big fuzzy switch?
|-----< "CODE WARRIOR" >-----|
codewarrior at daemon.org * "ah! i see you have the internet
twofsonet at graffiti.com (Andrew Brown) that goes *ping*!"
andrew at crossbar.com * "information is power -- share the wealth."
More information about the bind-workers