It is better do this with a real IPS rather than use your DNS server to
do this. You should avoid having any unwanted traffic hit you DNS
servers ever.
Eric
Prabhat Rana wrote:
Hello,
I have BIND 9.5running on a Solaris10 box. It provides recursive DNS service.
I'm trying to implement a script where it reads the BIND stats file for all the
incoming queries and if there are too many queries from a single user (source
IP) it will block queries from that particular IP. In order for this to occur
is there a parameter similar to allow-query that I can inject into the
named.conf to block query from a single IP address when this condition occurs?
Basically I'm trying to add a tool to detect potential DOS attacks where we see
too many queries from one single IP. Any other suggestions would also be
appreciated.
Thanks
Prabhat.
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
