Domain Name System protection

• Previous message (by thread): Summary with further Question: Domain Name System protection
• Next message (by thread): Domain Name System protection
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Joe Shen wrote:
> We noticed there is continous name resolution requests
> from IP address outside of our address pool and also
> there is requests not conforming to DNS documents (
> like those from 10/8, 192.168/16 or something for
> microsoft proxy server name). We think these request
> waste our resource and we don't want these system
> stable, secure and high performance. 

If the resolver caches are only supposed to be accessed from your IP 
space, I am sure you can easily throw in a router ACL to accept 
connections on port 53 only from these IPs.

Oh, and filter out bogons at your borders while you are at it (like for 
example rfc1918 source addresses from outside your network)

	srs

• Previous message (by thread): Summary with further Question: Domain Name System protection
• Next message (by thread): Domain Name System protection
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]