On 20.01.15 10:53, Daniel Dawalibi wrote:
Allow-query is only allowed for specified IP defined in the allow-query
statement.

So, what exactly do the errors in the log look like?
Maybe you need to disallow queries at firewall level...

On 19.01.15 16:14, Daniel Dawalibi wrote:
Invalid DNS queries: non-existent domains that do not resolve to any
IP as mentioned in the below example.

you should better not use this definition.

We are trying to protect our DNS servers from a number of invalid DNS
queries targeting our caching server and originated from different
source IPs. Is there any way to drop these requests based on the
Query Access list from the DNS configuration file (named.conf)?

you can NOT know if a hostname exists before you try to resolve it. After
that, you can't block it anymore.

do you allow recursion for remote clients? (recursion and allow-recursion
statements)
Do you allow DNS access from remote clients? (allow-query statement)

Perhaps denying remote clients from even accessing your caching server would
help you with this problem.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
REALITY.SYS corrupted. Press any key to reboot Universe.
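
The restriction suggested in the reply above, as an added named.conf example that is not part of the original message. The ACL name and the 192.0.2.0/24 and 2001:db8:100::/48 ranges are constructed placeholders for the networks your own clients use.

```conf
// Constructed example: clients that may use this caching server.
// Replace the documentation ranges with your real client networks.
acl "trusted-clients" {
    127.0.0.0/8;
    ::1;
    192.0.2.0/24;
    2001:db8:100::/48;
};

options {
    // Weak form (an open resolver): any source IP can make the server
    // recurse, including for names that do not exist.
    //   allow-query     { any; };
    //   allow-recursion { any; };

    // Restricted form: only the ACL above may query, recurse,
    // or read answers from the cache.
    recursion yes;
    allow-query       { trusted-clients; };
    allow-recursion   { trusted-clients; };
    allow-query-cache { trusted-clients; };
};
```

Check the file with `named-checkconf` before reloading. The server still receives packets from other sources and answers them with REFUSED, so dropping them entirely has to be done at the firewall, as the reply notes.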