BIND configuration - IP blacklist instead of allow-query

salakis Member

Hi,

Some of us most likely run their own private smart DNS setup (Tunlr-style), and then we come to the point of security. The default solution to not become an unsafe open DNS used for DDoS is to restrict the queries by using allow-query { trusted; } and acl "trusted" {someip;};. This is convenient and sufficient for your desktop, but I travel a lot and I'd rather blacklist specific IP ranges (too lazy to update the IP whitelist all the time).

Is there any such option for BIND that refuses queries from given IPs / IP ranges? Or do you have any alternative solutions?
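
The allow-query setup described in the post beside a deny-list variant, as an added example that is not part of the original post. The addresses are constructed documentation ranges and the "blocked" ACL name is an assumption; BIND evaluates an address match list in order and stops at the first match, so the negated entry must come before any.

```conf
// named.conf fragment (added example; all addresses are constructed placeholders)

// Whitelist form from the post: only listed clients may query.
acl "trusted" {
    192.0.2.10;              // placeholder for "someip"
};

// Deny-list form: ranges that must never be served (hypothetical ACL name).
acl "blocked" {
    198.51.100.0/24;
    203.0.113.0/24;
};

options {
    recursion yes;

    // Whitelist variant, as described in the post:
    // allow-query { trusted; };

    // Deny-list variant: "!blocked" rejects a match, "any" accepts the rest.
    // With the order reversed, "any" would match first and nothing is refused.
    allow-query       { !blocked; any; };
    allow-recursion   { !blocked; any; };
    allow-query-cache { !blocked; any; };

    // Alternative to REFUSED answers: ignore these sources entirely,
    // so no response packet is sent to them at all.
    blackhole { blocked; };

    // Every address not in "blocked" can still recurse, so the resolver
    // remains open to them; response rate limiting caps how much reply
    // traffic a single client network can trigger.
    rate-limit {
        responses-per-second 5;
    };
};
```

named-checkconf validates the syntax before the configuration is reloaded.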
