nanog mailing list archives
Re: Domain Name System protection
From: Suresh Ramasubramanian <suresh () outblaze com>
Date: Mon, 16 Aug 2004 10:59:16 +0530
Joe Shen wrote:
We noticed there are continuous name resolution requests from IP addresses outside of our address pool, and there are also requests not conforming to DNS documents (like those from 10/8, 192.168/16 or something for Microsoft proxy server name). We think these requests waste our resources and we don't want these systemstable, secure and high performance.
If the resolver caches are only supposed to be accessed from your IP space, I am sure you can easily throw in a router ACL to accept connections on port 53 only from these IPs.
Oh, and filter out bogons at your borders while you are at it (like, for example, RFC 1918 source addresses from outside your network).
srs
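
The two filters suggested in the reply above (port 53 accepted only from your own address space, RFC 1918 sources dropped at the border), as an added example that is not part of the original message: a dry run over a resolver query log showing which sources each filter would drop before the ACL is deployed. The allowed prefixes, the log format and the sample lines are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumption: documentation prefixes stand in for the operator's own address pool.
ALLOWED = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]
# RFC 1918 private ranges, never a legitimate source on traffic from outside.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def verdict(src):
    """Classify one source address the way the two filters would treat it."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return "unparseable"
    if any(ip in net for net in RFC1918):
        return "drop-bogon"          # border filter: private source from outside
    if any(ip in net for net in ALLOWED):
        return "permit"              # resolver ACL: port 53 from own space
    return "drop-outside-pool"       # resolver ACL: everything else is denied

def audit(lines):
    """Count verdicts, and queries per denied source, for lines of the
    constructed form '<timestamp> <source-ip> <qname> <qtype>'."""
    verdicts, denied = Counter(), Counter()
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            verdicts["unparseable"] += 1
            continue
        v = verdict(fields[1])
        verdicts[v] += 1
        if v.startswith("drop"):
            denied[fields[1]] += 1
    return verdicts, denied

# Constructed sample log lines, not real traffic.
SAMPLE = """\
2004-08-16T10:00:01 192.0.2.17 www.example.com A
2004-08-16T10:00:02 10.1.2.3 host.example.com A
2004-08-16T10:00:03 203.0.113.9 example.net MX
2004-08-16T10:00:04 192.168.0.5 example.org A
2004-08-16T10:00:05 203.0.113.9 example.net A
2004-08-16T10:00:06 198.51.100.200 example.com AAAA
malformed line
2004-08-16T10:00:08 172.32.0.1 example.com A
""".splitlines()

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The per-source counts in the second return value show which hosts would be cut off, which is worth reviewing before the deny rules go live.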