LinuxQuestions.org

Creating a DNS "dead Zone" (https://www.linuxquestions.org/questions/linux-networking-3/creating-a-dns-dead-zone-722059/)

Quest101 04-27-2009 02:11 PM

Creating a DNS "dead Zone"
 
I have a situation where a DNS client is bombarding my DNS server with dummy requests to the point that it seems to be running up my CPU to almost 100% utilization. Due to limitations on the client I am unable to stop the requests from being generated right now.

Is there a way for me to point these dummy requests to a NULL address (if there is anything like that) that would prevent further requests? Or any other solution you would recommend.

The requests usually have the name <whatever>.xyz.com (so the xyz.com is common to all the dummy requests).

Any help would be appreciated... thanks

MensaWater 04-27-2009 03:14 PM

In your named.conf:

in options add:
options {
    // named ignores all traffic from (and sends none to) these addresses
    blackhole { blackhats; };
};

Create an acl called blackhats:
// the acl must appear in named.conf before the options block that refers to it
acl "blackhats" {
    ip1; ip2; ip3;
};

Where you put in the IP addresses of the offending site.

I don't know of a way to do it by domain name as you requested. However, chances are a lot of what you're seeing is all coming from a common network so you can specify that network with CIDR.
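As an added illustration (not from the thread or from MensaWater), here is a complete named.conf fragment that puts the two pieces above in the order BIND requires and shows the CIDR form. The addresses are constructed placeholders from the RFC 5737 documentation ranges, and the directory path is an assumption.

```conf
// Added example: acl-based blackhole in BIND's named.conf.
// The acl is declared first because named.conf is read top to bottom
// and the options block below refers to it by name.
// Address-list entries are matched in order, first match wins, so a
// negated entry ("!") must precede the broader range it carves out.
acl "blackhats" {
    192.0.2.15;          // one offending client (constructed address)
    198.51.100.0/24;     // a whole client network in CIDR form
    !203.0.113.5;        // keep this one host reachable...
    203.0.113.0/24;      // ...while dropping the rest of its /24
};

options {
    directory "/var/named";   // assumed path; use your existing value
    // named will not answer queries from, nor send queries to, these addresses
    blackhole { blackhats; };
};
```

Two things worth knowing before relying on this: a blackholed client gets no reply at all, so a naive stub resolver will usually retry and the packet rate can go up, not down; and the datagrams still reach named, which has to read and discard each one, so the CPU saving is real but not total. If the load is the problem rather than the answers, dropping the packets in the kernel (the iptables approach further down) is cheaper per packet. Run `named-checkconf` after editing to catch ordering or syntax mistakes before reloading.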

CarLost 04-27-2009 04:13 PM

Also you can manage with iptables and the module "recent"; it is very cool and scalable.

You can accept just a few requests from any IP for a short time (starting at 60 seconds); if the client reaches this number of requests he will be REJECTed or DROPped until he stops for 60 seconds. You can add another rule that multiplies the request number by 10 and drops for an hour... etc.

Think about it
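The two-tier scheme CarLost sketches, written out as an added example (not CarLost's own rules): a short window that drops a chatty client until it quiets down, and a second list that keeps a client which tripped the first tier blocked for an hour. The list names `dnsclients` and `dnsabusers`, the chain name `DNS_ABUSE`, and the thresholds are all constructed for illustration. The second tier is implemented with a separate `recent` list rather than a tenfold `--hitcount` because `xt_recent` remembers at most `ip_pkt_list_tot` packets per address (20 by default), so a hitcount above that is rejected unless the module parameter is raised.

```shell
#!/bin/sh
# Added example: per-source DNS query rate limiting with iptables -m recent.
# Names and thresholds are constructed; tune them to your real query volume.
# Set DRY_RUN=1 to print the rules instead of applying them (no root needed).

# Run a command, or just echo it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# dns_ratelimit_rules [hits] [window_seconds]
#   hits:   queries allowed from one source inside the window (<= 20 with the
#           default ip_pkt_list_tot module parameter)
#   window: length of the short window in seconds
dns_ratelimit_rules() {
    hits=${1:-20}
    window=${2:-60}

    # Tier 2, checked first: a source already in "dnsabusers" is dropped, and
    # --update refreshes its timestamp, so it stays blocked until it has been
    # silent for a full hour.
    run iptables -A INPUT -p udp --dport 53 -m recent --name dnsabusers \
        --update --seconds 3600 -j DROP

    # Record every UDP/53 source in the short-term list "dnsclients".
    run iptables -A INPUT -p udp --dport 53 -m recent --name dnsclients --set

    # Helper chain: mark the source as an abuser, then drop the packet.
    run iptables -N DNS_ABUSE
    run iptables -A DNS_ABUSE -m recent --name dnsabusers --set
    run iptables -A DNS_ABUSE -j DROP

    # Tier 1: more than $hits packets from one source within $window seconds
    # sends it to DNS_ABUSE; --update keeps extending the block while the
    # client keeps hammering, so it is released only after $window quiet seconds.
    run iptables -A INPUT -p udp --dport 53 -m recent --name dnsclients \
        --update --seconds "$window" --hitcount "$hits" -j DNS_ABUSE
}

# Apply (as root) with: sh dns-ratelimit.sh --apply [hits] [window]
if [ "${1:-}" = "--apply" ]; then
    dns_ratelimit_rules "${2:-}" "${3:-}"
fi
```

Preview the generated rules with `DRY_RUN=1 sh dns-ratelimit.sh --apply 20 60` before applying them for real; the rules must sit before any rule that already ACCEPTs port 53. Note that `recent` keys on source address only, so many clients behind one NAT address, or a legitimate forwarding resolver, share a single budget. Because the packets are discarded in the kernel, named never sees them, which is what actually relieves the CPU. Inspect who is currently in a list with `cat /proc/net/xt_recent/dnsabusers`.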
