Nick Allum wrote:
> Just had a quick question, at the BIND level, if there was a possible
> Denial of Service coming from only a handful of IP addresses, would I be
> able just to use an ACL to deny these or will my servers still be
> flooded as it has to process the ACL?
> Or what would be the quickest and easiest way to reduce the effect of
> some type of Denial of Service where I am getting large quantities of
> requests from the same group of IPs.
>
>
> Thanks


In /etc/named.conf

....
acl bogon {
    0.0.0.0/8;      // Null address
    1.0.0.0/8;      // IANA reserved, popular fakes
    2.0.0.0/8;
    255.0.0.0/8;
};
....

Just add the attackers or their networks.


Kind regards
Peter and Karin

--
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher-Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter@peter-dambier.de
mail: peter@echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
http://www.cesidianroot.com/
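
One way to produce the "attackers or their networks" entries for such an ACL, as an added example that is not part of the original post: the script counts query sources in BIND query-log style lines, keeps the heavy ones, and collapses adjacent addresses into networks. The log lines, the threshold, the ACL name "attackers" and the function names are constructed for illustration; the post does not show how the ACL is referenced, so applying it through BIND's `blackhole` option is an assumption.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: (source address, number of queries), documentation ranges only.
_SOURCES = [("192.0.2.10", 1), ("198.51.100.4", 3), ("198.51.100.5", 3),
            ("198.51.100.6", 3), ("198.51.100.7", 3), ("203.0.113.9", 3)]
SAMPLE_LOG = "\n".join(
    f"client {ip}#{40000 + i} (example.com): query: example.com IN A +"
    for ip, n in _SOURCES for i in range(n)
)

# Matches "client <addr>#<port>", with the optional "@0x..." token newer BIND logs add.
CLIENT_RE = re.compile(r"client (?:@0x[0-9a-f]+ )?([0-9A-Fa-f.:]+)#\d+")


def heavy_sources(log_text, threshold):
    """Return source addresses that appear at least `threshold` times."""
    counts = Counter(m.group(1) for m in CLIENT_RE.finditer(log_text))
    addrs = (ipaddress.ip_address(a) for a, n in counts.items() if n >= threshold)
    return sorted(addrs, key=lambda a: (a.version, int(a)))


def to_networks(addrs):
    """Collapse addresses into the fewest networks that cover exactly those hosts."""
    nets = []
    for version in (4, 6):  # collapse_addresses() rejects mixed IP versions
        same = [a for a in addrs if a.version == version]
        nets.extend(ipaddress.collapse_addresses(same))
    return nets


def render_acl(name, networks):
    """Render a named.conf acl block in the style used in the post."""
    body = [f"    {net};" for net in networks]
    return "\n".join([f"acl {name} {{", *body, "};"])


if __name__ == "__main__":
    nets = to_networks(heavy_sources(SAMPLE_LOG, threshold=3))
    print(render_acl("attackers", nets))
    # Assumption: the ACL is then referenced in the options block,
    # e.g. blackhole { attackers; }; so named ignores those sources.
```

Collapsing never widens a range beyond the observed hosts, so a neighbour that stayed under the threshold is not blocked along with the heavy sources.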