Domain Name System protection

Bruce Pinsky bep at whack.org
Mon Aug 16 19:40:55 UTC 2004


Suresh Ramasubramanian wrote:

|
| Joe Shen wrote:
|
|> We noticed there are continuous name resolution requests
|> from IP addresses outside of our address pool and also
|> there are requests not conforming to DNS documents (
|> like those from 10/8, 192.168/16 or something for
|> Microsoft proxy server name). We think these requests
|> waste our resources and we don't want these system
|> stable, secure and high performance.
|
|
| If the resolver caches are only supposed to be accessed from your IP
| space, I am sure you can easily throw in a router ACL to accept
| connections on port 53 only from these IPs.
|
| Oh, and filter out bogons at your borders while you are at it (like for
| example rfc1918 source addresses from outside your network)
|

And check out the CYMRU Secure Bind template at
http://www.cymru.com/Documents/secure-bind-template.html

- --
=========
bep

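
Added example, not part of the original message or of the Team Cymru template: a Python script that sorts resolver query sources into the classes discussed in this thread (inside the address pool, RFC 1918 and similar bogon sources, and other outside addresses), which shows what the suggested port 53 ACL and border filter would accept or drop. The pool 203.0.113.0/24, the log lines (loosely in the style of a BIND query log) and all function names are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: stand-in for the operator's own address pool (documentation range).
CUSTOMER_POOL = [ipaddress.ip_network("203.0.113.0/24")]

# Sources that should never arrive from outside: RFC 1918 space,
# plus loopback and link-local.
BOGONS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

# Constructed sample lines, loosely in the style of a BIND query log.
SAMPLE_LOG = """\
client 203.0.113.25#40112: query: www.example.com IN A +
client 10.1.2.3#1027: query: wpad IN A +
client 192.168.0.14#1031: query: proxy.corp.local IN A +
client 198.51.100.77#53211: query: example.net IN MX +
client 203.0.113.80#33001: query: example.org IN AAAA +
not a query line
"""

CLIENT_RE = re.compile(r"client (\d{1,3}(?:\.\d{1,3}){3})#\d+: query: \S+")

def classify(src):
    """Return 'bogon', 'allowed' or 'external' for a source address string."""
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in BOGONS):
        return "bogon"      # filtered at the border
    if any(addr in net for net in CUSTOMER_POOL):
        return "allowed"    # permitted to reach port 53 on the resolver
    return "external"       # outside the pool: denied by the resolver ACL

def summarize(log_text):
    """Count query sources per class, skipping lines that do not parse."""
    counts = Counter()
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if not m:
            continue
        try:
            counts[classify(m.group(1))] += 1
        except ValueError:  # e.g. an octet above 255
            counts["malformed"] += 1
    return counts

if __name__ == "__main__":
    for verdict, n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{verdict}: {n}")
```

Running the same classification over a real query log before deploying the ACL shows how much traffic the filter would remove and whether any legitimate client ranges are missing from the pool definition.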


