BIND configuration - IP blacklist instead of allow-query

salakis Member

Hi,

Some of us most likely run their own private smart DNS setup (Tunlr-style) and then we come to the point of security. The default solution to not become an unsafe open DNS used for DDoS is to restrict the queries by using allow-query { trusted; } and acl "trusted" {someip;};.
This is convenient and sufficient for your desktop, but I travel a lot and I'd rather like to blacklist specific IP ranges (too lazy to update the IP whitelist all the time).

Is there any such option for BIND that refuses queries from given IPs / IP ranges? Or do you have any alternative solutions?
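
For reference, an added example that is not part of the original post: a named.conf fragment showing the whitelist form the post describes next to a blacklist form built from a negated ACL element and the `blackhole` option. The ACL name "blocked" and all addresses (RFC 5737 documentation ranges) are assumptions.

```conf
// named.conf fragment (added example; names and addresses are placeholders)

// Whitelist form from the post: only listed clients may query.
acl "trusted" {
    198.51.100.10;
};

// Blacklist form: ranges that should be refused.
acl "blocked" {
    192.0.2.0/24;
    203.0.113.0/24;
};

options {
    // Address match lists are evaluated first to last and "!" negates
    // an element, so a client in "blocked" is rejected before "any" is
    // reached. Rejected clients receive a REFUSED response.
    // Every address outside "blocked" can still query and recurse.
    allow-query     { !blocked; any; };
    allow-recursion { !blocked; any; };

    // blackhole: the server does not respond to these addresses at all
    // and does not use them for resolution (silent drop, no REFUSED).
    blackhole { blocked; };

    // Whitelist equivalent, for comparison:
    // allow-query     { trusted; };
    // allow-recursion { trusted; };
};
```

Run `named-checkconf` against the file before reloading to confirm the syntax.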
