Thanks Yohann

Regards
Vivek Aggarwal
+973-36583058

-----Original Message-----
From: Yohann LEPAGE [mailto:[email protected]]
Sent: Wednesday, October 07, 2009 4:52 PM
To: Agarwal Vivek-RNGB36
Cc: [email protected]
Subject: Re: DNS Server

Agarwal Vivek-RNGB36 wrote:
> Thanks for the response. I am using a Linux box. The issue is that the list
> for blocking the DNS servers is huge. Do you have much idea on the bind
> directive?
>
> Can anyone help me with the bind directive? I've never used it.

There is an example here[0], "7.1 Access Control Lists":

// Set up an ACL named "bogusnets" that will block RFC1918 space,
// which is commonly used in spoofing attacks.
acl bogusnets {
    0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 192.0.2.0/24; 224.0.0.0/3;
    10.0.0.0/8;
};

// Set up an ACL called our-nets. Replace this with the real IP numbers.
acl our-nets { x.x.x.x/24; x.x.x.x/21; };

options {
    ...
    ...
    allow-query { our-nets; };
    allow-recursion { our-nets; };
    ...
    blackhole { bogusnets; };
    ...
};

zone "example.com" {
    type master;
    file "m/example.com";
    allow-query { any; };
};

[0] : https://www.isc.org/files/Bv9.3ARM.pdf

> Thanks
>
> Regards
> Vivek Aggarwal
> +973-36583058
>
> -----Original Message-----
> From: Todd Snyder [mailto:[email protected]]
> Sent: Wednesday, October 07, 2009 4:38 PM
> To: Agarwal Vivek-RNGB36; [email protected]
> Subject: RE: DNS Server
>
> There are a few approaches you could take, and it depends on what you are
> trying to do.
>
> If you are actually trying to block traffic to a specific server/servers, I'd
> say use a firewall. If you're running on a Linux box, it's pretty easy:
>
> http://www.cyberciti.biz/faq/howto-null-route-an-attackers-ip/
>
> Failing that, I believe there is a bind directive (blackhole) that might do
> what you want, but I've never looked into it.
>
> Finally, if you are simply trying to block certain domains, you could load
> them as master zones on your server and leave them blank.
>
> Cheers,
>
> Todd.
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Agarwal
> Vivek-RNGB36
> Sent: Wednesday, October 07, 2009 8:46 AM
> To: [email protected]
> Subject: DNS Server
>
> Hi All
>
> I'm using BIND 9.3. I have been asked to block the responses from
> some of the DNS servers on the Internet. Is there any way I can do
> that?
>
> Regards
> Vivek Aggarwal
> +973-36583058
>
> _______________________________________________
> bind-users mailing list
> [email protected]
> https://lists.isc.org/mailman/listinfo/bind-users
>
> ---------------------------------------------------------------------
> This transmission (including any attachments) may contain confidential
> information, privileged material (including material protected by the
> solicitor-client or other applicable privileges), or constitute non-public
> information. Any use of this information by anyone other than the intended
> recipient is prohibited. If you have received this transmission in error,
> please immediately reply to the sender and delete this information from your
> system. Use, dissemination, distribution, or reproduction of this
> transmission by unintended recipients is not authorized and may be unlawful.

--
La Poste\DISIT\ETU\IQI\INGS
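
For the "huge list" concern raised in the thread, the following is an added example (not code from any poster or from ISC) that turns a raw address list into a named ACL suitable for the blackhole option shown in the quoted ARM excerpt. The ACL name blocked-servers, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample list (documentation address ranges only), one address
# or CIDR per line, with the duplicates and typos a real list tends to have.
SAMPLE_LIST = """\
192.0.2.10        # already covered by the /24 below
192.0.2.0/24
198.51.100.7
198.51.100.7
203.0.113.0/25
203.0.113.128/25
2001:db8::53
not-an-ip
192.0.2.10/24
"""

def parse_blocklist(text):
    """Return (networks, rejected); rejected holds (line_number, entry).
    strict=True also rejects CIDRs with host bits set, which are usually typos."""
    nets, rejected = [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=True))
        except ValueError:
            rejected.append((line_no, entry))
    return nets, rejected

def collapse(nets):
    """Drop duplicates and merge adjacent or contained prefixes per family."""
    merged = []
    for version in (4, 6):  # collapse_addresses() refuses mixed families
        family = [n for n in nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(family))
    return merged

def render_acl(name, nets):
    """Emit a named.conf acl statement; `name` is a hypothetical ACL name."""
    body = "".join("    %s;\n" % n for n in nets)
    return "acl %s {\n%s};\n" % (name, body)

def build(text, name="blocked-servers"):
    nets, rejected = parse_blocklist(text)
    return render_acl(name, collapse(nets)), rejected

if __name__ == "__main__":
    acl, rejected = build(SAMPLE_LIST)
    print(acl + "// rejected entries: %r" % rejected)
```

The generated statement can be kept in its own file, pulled into named.conf with an include statement, and referenced as blackhole { blocked-servers; }; inside options. Running named-checkconf before reloading catches a malformed file before it reaches the running server.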

