patch to 8.2.3-REL to deny queries w/o sending a refusal response

Andrew Brown atatat at
Tue Feb 13 17:36:23 UTC 2001

>Is there any interest in this patch at all?  Would you take it (in its 
>final form, with documentation) for inclusion in the next release?
>What are other sites doing to combat this problem?
>The goal of the patch is to deal with one form of DOS assistance (when the 
>queries are being denied) while still allowing normal DNS service (even to 
>the victim host) to work.  Of course the patch doesn't deal with the 
>problem where the forged queries will actually be answered...

i'm just does this patch differ from taking the inverse
of your allow-query clauses and stuffing them into blackhole clauses?
or is it simply meant to be a nice big fuzzy switch?

|-----< "CODE WARRIOR" >-----|
codewarrior at             * "ah!  i see you have the internet
twofsonet at (Andrew Brown)                that goes *ping*!"
andrew at       * "information is power -- share the wealth."

More information about the bind-workers mailing list