[AusNOG] Botnet??
Joseph Goldman
joe at apcs.com.au
Sun Jul 29 13:25:15 EST 2012
Can you explain the specific advantage of this?
One of our servers was being attacked looking for dgtl.ws (generating
close to 10mbit bandwidth at one point). The server is used for both
authoritative and recursive lookups, so we created an ACL for all IPs
we want to allow recursion for, then on each zone definition overwrote the
ACL. The result is that only our IPs can do recursive lookups while anyone can
do authoritative lookups; this blocked the attack quite quickly.
Thanks,
Joe
On 29/07/12 12:11, Dobbins, Roland wrote:
> On Jul 29, 2012, at 8:22 AM, Heinz N wrote:
>
>> (2) Use 2 name servers. One for your internal clients/trusted IPs and another for external IPs to query domains who you are authoritative for. Allow recursive for internal but turn it off for external. Allow any external secondary DNS server UDP and TCP port 53 access for zone
>> transfers.
> Recursive & authoritative functionality should be separated, as well:
>
> <http://dl.dropbox.com/u/25235895/dnstiers.jpg>
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
>
> Luck is the residue of opportunity and design.
>
> -- John Milton
>
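The split Joe describes (recursion restricted to a trusted ACL, authoritative zones open to anyone), sketched as a BIND 9 named.conf fragment. This is an added example, not the poster's actual configuration; the address ranges, zone name and file paths are placeholders.

```conf
// Added example, not the original poster's config. BIND 9 named.conf
// sketch of "trusted IPs may recurse, anyone may query our zones".
// All addresses, the zone name and the paths are constructed placeholders.
acl "trusted" {
    127.0.0.1;
    192.0.2.0/24;       // our own IPv4 range (placeholder)
    2001:db8::/32;      // our own IPv6 range (placeholder)
};

options {
    directory "/var/cache/bind";
    recursion yes;

    // Weak setting (open resolver): any client on the Internet may recurse
    // and the server can be used to generate reflected traffic.
    // allow-recursion { any; };

    // Corrected: only the trusted ACL may recurse or read the cache.
    allow-recursion   { trusted; };
    allow-query-cache { trusted; };

    // Global default for queries; authoritative zones override it below.
    allow-query { trusted; };
};

zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
    // Per-zone override: anyone may query this zone authoritatively.
    allow-query { any; };
    // Only the listed secondaries may pull zone transfers (placeholders).
    allow-transfer { 198.51.100.53; 2001:db8:1::53; };
};
```

Validate with `named-checkconf` before reloading, then confirm from an address outside the ACL that a query for a name you are not authoritative for returns REFUSED while a query for `example.com` is still answered (with the `ra` flag absent).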