nanog mailing list archives
Re: Domain Name System protection
From: Bruce Pinsky <bep () whack org>
Date: Mon, 16 Aug 2004 12:40:55 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Suresh Ramasubramanian wrote: | | Joe Shen wrote: | |> We noticed there is continous name resolution requests |> from IP address outside of our address pool and also |> there is requests not conforming to DNS documents ( |> like those from 10/8, 192.168/16 or something for |> microsoft proxy server name). We think these request |> waste our resource and we don't want these system |> stable, secure and high performance. | | | If the resolver caches are only supposed to be accessed from your IP | space, I am sure you can easily throw in a router ACL to accept | connections on port 53 only from these IPs. | | Oh, and filter out bogons at your borders while you are at it (like for | example rfc1918 source addresses from outside your network) | And check out the CYMRU Secure Bind template at http://www.cymru.com/Documents/secure-bind-template.html - -- ========= bep -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (MingW32) iD8DBQFBIQ3HE1XcgMgrtyYRAuAXAJ4z6GI+X7nPL3wZZ2kvB30YGQ+B/QCeIagA mqIz2gcRVeY+g2LVBjLc6dQ= =iAkf -----END PGP SIGNATURE-----
Current thread:
- Re: filtering 1918 (was Re: Summary with...: Domain Name System ...), (continued)
- Re: filtering 1918 (was Re: Summary with...: Domain Name System ...) Richard A Steenbergen (Aug 18)
- Re: filtering 1918 (was Re: Summary with...: Domain Name System ...) Jared Mauch (Aug 18)
- Re: filtering 1918 (was Re: Summary with...: Domain Name System ...) Richard A Steenbergen (Aug 18)
- Re: filtering 1918 (was Re: Summary with...: Domain Name System ...) Patrick W Gilmore (Aug 18)
- Re: filtering 1918 (was Re: Summary with...: Domain Name System ...) Paul Vixie (Aug 18)
- Re: filtering 1918 (was Re: Summary with...: Domain Name System ...) Paul Vixie (Aug 18)
- Re: Summary with further Question: Domain Name System protection sthaug (Aug 17)
- Re: Summary with further Question: Domain Name System protection Joe Shen (Aug 17)
- Re: Summary with further Question: Domain Name System protection sthaug (Aug 17)
- Re: Domain Name System protection Bruce Pinsky (Aug 16)