Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: DNS query spam

from [Stephen Stuart] Network Security [Permanent Link]
Subject: Re: DNS query spam
Date: Wed, 30 Nov 2005 04:41:37 +0000 
Assuming you use Bind, can edit your named.conf file, only wish to  
provide recursive DNS services (ie. handle queries for domains that  
you are not authoritative for) to a known range of IP addresses, and  
the query is for a domain that you're not authoritative for, you can  
solve the problem by adding something like this to named.conf:

options {
    allow-recursion { 127.0.0.1/32; };
};

That particular setting would cause Bind to ignore recursive queries  
from all IP addresses except 127.0.0.1 (localhost).  My DNS server  
only provides recursive queries for itself, so the setting was easy  
for me.  After I started blocking recursive queries, it took a week  
or so for the bogus traffic to stop.  But in the mean time, since I  
wasn't sending responses, the amount of my bandwidth that was wasted  
decreased dramatically.


Small correction: that will cause BIND to not perform recursive
queries from any IP address except 127.0.0.1. You will still answer
queries from cache for all comers, unless you also restrict queries in
general to 127.0.0.1/32:

options {
    allow-query { 127.0.0.1/32; };
};

Stephen
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Gallery 2.x Security Advisory, Bharat Mediratta
Next by Date:  Re: DNS query spam, Joe
Previous by Thread:  Re: DNS query spam, Antone Roundy
Next by Thread:  Re: DNS query spam, Florian Weimer
Indexes:  [Date] [Thread] [Top] [All Lists]