patch to 8.2.3-REL to deny queries w/o sending a refusal response

Andrew Brown atatat at atatdot.net
Tue Feb 13 17:36:23 UTC 2001


>Is there any interest in this patch at all?  Would you take it (in its 
>final form, with documentation) for inclusion in the next release?
>
>What are other sites doing to combat this problem?
>
>The goal of the patch is to deal with one form of DOS assistance (when the 
>queries are being denied) while still allowing normal DNS service (even to 
>the victim host) to work.  Of course the patch doesn't deal with the 
>problem where the forged queries will actually be answered...

i'm just curious...how does this patch differ from taking the inverse
of your allow-query clauses and stuffing them into blackhole clauses?
or is it simply meant to be a nice big fuzzy switch?

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior at daemon.org             * "ah!  i see you have the internet
twofsonet at graffiti.com (Andrew Brown)                that goes *ping*!"
andrew at crossbar.com       * "information is power -- share the wealth."


More information about the bind-workers mailing list