2015-04-02 0:51 GMT+09:00 Daniel Ryslink <[email protected]>:
> However, you can maintain local zone list in unbound automatically fairly
> easily, we have been doing it for over a year with minimal necessity of
> manual intervention. If you wish, have a look at the attached perl script.

unbound-bloomfilter's attack detection mechanisms implement almost the same thing as your script. I used the public suffix list (source code embedded, currently) to determine the depth of the blocking domain, which corresponds to your "third_level_domains.conf".

Note that the bloomfilter itself is a way to reduce collateral damage caused by filtering. Of course to reduce damage caused by wrong (false positive) filtering and to accept legitimate queries for the filtered domain

> The only other option is to persuade the users of the compromised machines
> to clean their systems.

I agree.

Regards,
-- 
Daisuke HIGASHI
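The depth decision described in the message above, as an added example that is not code from unbound-bloomfilter or from either poster: it applies the public suffix list matching rules (exact, wildcard and exception) to a query name to find the domain one label below the public suffix. The rule subset and the function names are constructed for illustration.

```python
from collections import Counter

# Constructed subset of public-suffix rules (illustration only, not the real list).
PSL_RULES = "com jp co.jp uk co.uk *.ck !www.ck"


def load_rules(text):
    """Split rules into exact, wildcard ("*.x") and exception ("!x") sets."""
    exact, wildcard, exception = set(), set(), set()
    for rule in text.split():
        if rule.startswith("!"):
            exception.add(rule[1:])
        elif rule.startswith("*."):
            wildcard.add(rule[2:])
        else:
            exact.add(rule)
    return exact, wildcard, exception


def suffix_len(labels, rules):
    """Number of trailing labels that form the public suffix."""
    exact, wildcard, exception = rules
    best = 1  # implicit default rule "*": an unlisted TLD is a suffix
    for i in range(len(labels)):
        cand, parent = ".".join(labels[i:]), ".".join(labels[i + 1:])
        n = len(labels) - i
        if cand in exception:
            return n - 1  # exception rule wins; suffix is the rule minus its first label
        if cand in exact or parent in wildcard:
            best = max(best, n)
    return best


def filter_zone(qname, rules):
    """Zone to filter for qname: public suffix plus one label, or None."""
    labels = qname.lower().rstrip(".").split(".")
    n = suffix_len(labels, rules)
    if len(labels) <= n:
        return None  # the name is itself a public suffix: never filter it
    return ".".join(labels[-(n + 1):])


def count_by_zone(qnames, rules):
    """Group query names by the zone they would be filtered under."""
    return Counter(z for z in (filter_zone(q, rules) for q in qnames) if z)
```

Returning `None` for a name that is itself a public suffix keeps a filter from ever being placed on a whole suffix such as `co.jp`.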
