Create zones for the domains in question and point the records to Disney.com. That will turn them off to porn for the rest of their lives. Either that - or if these servers are just for you - disable recursion and only allow recursion for known IP ranges (if you're using BIND). I've never been crazy enough to put a M$ DNS server on the Intarweb. :) Even if the requests for queries come in - the server will bounce them as they're recursive and not coming from a known IP range. You might see a bit more traffic, but not as much as you'd see if your servers are doing the lookups for these errant queries. Cheers, --SJ _____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Barker Sent: Friday, November 16, 2007 8:08 AM To: [email protected] Subject: RE: [IMail Forum] OT: Bombarded by bad DNS queries If the machine is "Internal Use Only" caching DNS, why does it even have a public IP? It should not even need one. Dan _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Wolf Sent: Thursday, November 15, 2007 9:27 PM To: [email protected] Subject: [IMail Forum] OT: Bombarded by bad DNS queries I know there are several people on this list that know DNS very well. I have a problem. A very nice person (not) has published the IP Address of one of our DNS servers as a nameserver for a bunch of porn sites. Example: We run dns1.abcd.com on 1.1.1.1 and this guy has published ns2.pornsite.com on our IP Address of 1.1.1.1 Result is that our DNS server is being bombarded for queries about these various porn sites. None of the sites I've tested are actually up... just names of porn sites. Either way we're getting millions of DNS requests. We really don't want to change the IP address of that server. The guy who has done all of this is apparently in Russia. He only knows a few words in English and most are curses. The queries come from millions of different IP Addresses so there's no way to block them. Anyone have any suggestions on how to force someone to clean up their DNS? Thanks in advance, -Joe
