Thanks for all the responses,

Does someone have an example with the syntax for the blackhole command.
Would the following work

Would I just need to add the following on my bind 9.2.3 configuration as
an example.

Blackhole {142.146.10.10; 142.135.34.45; 142.146.89.0/24;
142.146.99.0/16}

Thanks


-----Original Message-----
From: bind-users-bounce@isc.org [mailto:bind-users-bounce@isc.org] On
Behalf Of Barry Margolin
Sent: Friday, February 23, 2007 10:25 PM
To: comp-protocols-dns-bind@isc.org
Subject: Re: Denial of Service


In article ,
"Nick Allum" wrote:

> Just had a quick question, at the Bind Level, if there was a possible
> Denial of Service coming from only a handful of ip address, would I be


> able just to use an ACL to deny these or will my servers still be
> flooded as it has to process the ACL? Of what would be the quickest
> and easiest way to reduce the effect of some type of Denial of Service


> where I am getting large quantaties of requests from the same group of


> IPS.


As others have pointed out, it would be better to filter them upstream.

Next best might be your OS's packet filtering. But filtering in BIND
would be better than nothing, since it takes less work to check an
against a filter than to actually perform the DNS processing, so the
backlog will be smaller.

--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***