[AusNOG] DNS in general - was Re: Botnet??

ComKal Networks admin at comkal.com.au
Sun Jul 29 14:38:32 EST 2012


Hi Joseph,

> One of our servers was being attacked looking for dgtl.ws (generating close to 10mbit bandwidth at one point), the server is
> used for both authoritative and recursive lookups, so we created an ACL for all IPs we want to allow recursive, then on
> each zone definition overwrote the ACL, result being only our IPs can recursive while anyone can authoritative, blocked the
> attack quite quick.

I simply use 'views', internal view (recursive allowed) for internal IPs,
external view for everything else (authoritative only).

You could call the internal view 'recursive' and simply add internal
IPs as well as any external IPs allowed to use your DNS server.

There is much to learn on the ISC <http://www.isc.org/> BIND list.
For the menu impaired <http://www.isc.org/software/bind> :)


Cheers
Ian Manners
ComKal Networks Australia
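
A sketch of the views layout described in the message above, as an added example that is not part of the original post or anyone's production config. The ACL name, the address ranges (documentation prefixes), the zone `example.com` and the file paths are all assumptions to be replaced with local values.

```conf
// named.conf fragment: split recursive and authoritative service with views.
// All names, addresses and paths below are constructed placeholders.

acl "recursive-clients" {
    127.0.0.0/8;
    ::1;
    192.0.2.0/24;        // internal range (placeholder)
    198.51.100.53;       // an external host explicitly allowed to recurse (placeholder)
};

options {
    directory "/var/named";          // assumed path
    // Default-deny, so a view that forgets to set these stays closed.
    recursion no;
    allow-query-cache { none; };
};

// Views are matched in order: the first view whose match-clients
// covers the source address handles the query.
view "recursive" {
    match-clients { "recursive-clients"; };
    recursion yes;
    allow-recursion   { "recursive-clients"; };
    allow-query-cache { "recursive-clients"; };

    zone "example.com" {
        type master;
        file "db.example.com";       // static zone file (assumed name)
    };
};

// Everyone else: answers only for zones this server is authoritative for.
view "external" {
    match-clients { any; };
    recursion no;
    allow-recursion   { none; };
    allow-query-cache { none; };

    zone "example.com" {
        type master;
        file "db.example.com";
    };
};
```

Once any view is defined, every zone statement has to live inside a view, and `named-checkconf` will reject the file otherwise. After reloading, a query for a name outside the hosted zones sent from an address not in the ACL should return REFUSED rather than an answer or a referral.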



