Date: Sat, 25 Mar 2000 15:21:47 +0200
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: Kevin Oberman <oberman@es.net>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: DNS and FIREWALL
Message-ID: <20000325152147.A24518@hades.hell.gr>
In-Reply-To: <200003241551.HAA01629@ptavv.es.net>; from oberman@es.net on Fri, Mar 24, 2000 at 07:51:42AM -0800
References: <20000324043334.C303@hades.hell.gr> <200003241551.HAA01629@ptavv.es.net>

On Fri, Mar 24, 2000 at 07:51:42AM -0800, Kevin Oberman wrote:
>
> A valid point. If your server gets lots of AXFRs for a large zone, the
> lack of TCP capability would certainly block it. But, if I understand
> the attack correctly, it would also be prevented by use of the
> allow-transfer directive in the configuration.

Oh, this deserves a big thanks. I just read about allow-query too in
my bind docs. This is just what I was thinking.

You can't always stop a DoS attack, especially if it comes in the form
of many hundred udp requests. However, a properly tuned allow-query is
an easy way of stopping well known 'problem sources'.

Thanks for hinting on allow-transfer and making me read my bind docs
more carefully ;)

- Giorgos Keramidas
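
Added example, not part of the original message: a named.conf fragment using the two directives discussed above, allow-transfer to limit AXFR and allow-query to refuse known problem sources. The ACL names, the zone name and the addresses (RFC 5737 documentation ranges) are constructed placeholders.

```conf
// named.conf fragment (constructed example, not from the thread)

// Hypothetical ACL: the secondaries that may pull full zone copies.
acl secondaries {
    192.0.2.53;
    198.51.100.53;
};

// Hypothetical ACL: sources known to flood the server with queries.
acl badsources {
    203.0.113.0/24;
};

options {
    // AXFR is answered only for the listed secondaries.
    allow-transfer { secondaries; };

    // Address match lists are first-match-wins: the negated entry
    // must come before "any", otherwise it never takes effect.
    allow-query { !badsources; any; };
};

zone "example.com" {
    type master;
    file "example.com.db";
    // A per-zone allow-transfer overrides the global one for this zone.
    allow-transfer { secondaries; };
};
```

Queries from a refused source still reach the server and have to be parsed before they are rejected, so this limits the work done per request rather than the incoming traffic itself.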