Thanks for the hint. I wrote an iptables rule but it seems not to be working:

iptables -I INPUT 4 -p udp -m udp --dport 53 -m string --hex-string "|06|domain" --algo bm --to 65535 -m comment --comment ".domain" -j DROP

I think that I need to specify to block all domains with .domain at the end (a kind of *.domain).

Any suggestion?!

Thank you!!!!

Federico

2015-12-13 15:41 GMT+00:00 Stephane Bortzmeyer <[email protected]>:

> On Sun, Dec 13, 2015 at 03:17:04PM +0000,
>  Federico Olivieri <[email protected]> wrote
>  a message of 131 lines which said:
>
> > I did sniff traffic and I saw some strange queries with .domain at the end
> > of the name
>
> Always use tcpdump with -n option... (hint: the last field is the
> port, 53 in digits, domain in letters).
>
> > If I do dig for one of those domains I can see that the query goes directly
> > to root server.
>
> Of course, since it searches for the .domain TLD.
_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
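
An added example, not part of the original thread: DNS names go on the wire as length-prefixed labels ending in a zero-length root label, so a string match on |06|domain fires on a "domain" label anywhere in the name, while appending |00| restricts it to the last label. The helper names and the sample query names below are constructed for illustration.

```python
import struct

def encode_qname(name: str) -> bytes:
    """Encode a DNS name as length-prefixed labels plus the root label."""
    out = b""
    for label in name.strip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label length: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query payload: header plus one IN question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)

def hex_string_for_suffix(suffix: str) -> str:
    """Wire form of a trailing suffix, in iptables --hex-string notation."""
    labels = suffix.strip(".").split(".")
    return "".join(f"|{len(l):02x}|{l}" for l in labels) + "|00|"

def pattern_bytes(hex_string: str) -> bytes:
    """Turn |hex|literal notation into the byte string that is searched for."""
    out = b""
    for i, chunk in enumerate(hex_string.split("|")):
        out += bytes.fromhex(chunk) if i % 2 else chunk.encode("ascii")
    return out

def matches(hex_string: str, name: str) -> bool:
    """True if the pattern occurs anywhere in a query payload for name."""
    return pattern_bytes(hex_string) in build_query(name)

# Constructed sample query names, not taken from the thread.
SAMPLES = ["host.domain", "domain.example.com", "www.example.com"]

if __name__ == "__main__":
    for pattern in ('|06|domain', hex_string_for_suffix(".domain")):
        for name in SAMPLES:
            print(f"{pattern:16} {name:20} match={matches(pattern, name)}")
```

The string match compares bytes exactly, so query names sent in mixed case need --icase on the rule.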
