| Linode Forum https://forum.linode.com/ |
|
| how to deny DNS abuse https://forum.linode.com/viewtopic.php?f=19&t=3695 |
| Author: | jey [ Sat Nov 29, 2008 7:18 pm ] |
| Post subject: | how to deny DNS abuse |
How can I deny queries to a DNS server from external hosts and allow only a short list of hosts to query the server? The solution has to be completed for hosts with dynamic IPs.

Code:
allow-recursion { address_match_list };

seems to solve the problem; however, I can't see a way to use a hostname instead of an IP address (i.e. a dynamic IP registered with the dyndns.com server).
|
|
| Author: | irgeek [ Sat Nov 29, 2008 8:52 pm ] |
| Post subject: | |
I've never heard of a DNS daemon that does what you want out of the box, but there are a few roundabout ways you may be able to approximate the behavior. The easiest way I can think of is to use a VPN or SSH tunnel to route DNS queries through. Unfortunately, it adds an extra step in setup and adds latency to your connections--but it at least would achieve the goal. Without knowing more about what you're trying to achieve and the sort of clients you want to serve, it's difficult to give a better answer.

James |
|
| Author: | nickh [ Thu Feb 05, 2009 12:38 am ] |
| Post subject: | |
dnscache, found in the djbdns software package[1], is able to restrict which IP addresses and IP address ranges are allowed to query the DNS server.

[1] http://cr.yp.to/djbdns.html

Cheers, Nick |
|
| Author: | sleddog [ Thu Feb 05, 2009 8:59 am ] |
| Post subject: | |
You might also look to see what network ranges dyndns.com uses, then use iptables to allow those networks access to port 53 (denying everything else). Far from a perfect solution but it would narrow it down a lot. |
|
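sleddog's suggestion above (allow chosen networks to port 53, deny everything else), shown as an added example that is not part of the original thread: a POSIX shell function that turns a list of networks into an iptables-restore fragment. The chain name DNS-IN and the networks (RFC 5737 documentation ranges) are assumptions; the thread does not give dyndns.com's real ranges.

```sh
#!/bin/sh
# Added example: emit an iptables-restore fragment that accepts DNS traffic
# only from listed networks. The CIDRs are constructed placeholders
# (RFC 5737 documentation ranges), NOT dyndns.com's real ranges.
ALLOWED_NETS="192.0.2.0/24 198.51.100.0/24"

# Return 0 if $1 is a well-formed IPv4 CIDR (a.b.c.d/0-32), else 1.
valid_cidr() {
    case $1 in
        */*/*|*[!0-9./]*|/*|*/) return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    vc_ip=${1%/*}; vc_len=${1#*/}
    case $vc_len in *.*|???*) return 1 ;; esac
    [ "$vc_len" -le 32 ] || return 1
    case $vc_ip in
        *.*.*.*.*|*..*|.*|*.) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    vc_old=$IFS; IFS=.; set -- $vc_ip; IFS=$vc_old
    for vc_o in "$@"; do
        [ "${#vc_o}" -le 3 ] && [ "$vc_o" -le 255 ] || return 1
    done
}

# Print the rules for a dedicated DNS-IN chain (hypothetical name): ACCEPT per
# allowed network, then DROP. Every entry is validated before anything is
# printed, so a typo cannot produce a partial ruleset; an empty list is refused.
gen_dns_rules() {
    [ $# -gt 0 ] || { echo "no networks given" >&2; return 1; }
    for g_net in "$@"; do
        valid_cidr "$g_net" || { echo "bad CIDR: $g_net" >&2; return 1; }
    done
    echo "*filter"
    echo ":DNS-IN - [0:0]"
    for g_net in "$@"; do echo "-A DNS-IN -s $g_net -j ACCEPT"; done
    echo "-A DNS-IN -j DROP"
    echo "COMMIT"
}

# Review the output, load it as root with `iptables-restore --noflush`, then
# send port 53 to the chain once:
#   iptables -A INPUT -p udp --dport 53 -j DNS-IN   (and the same for -p tcp)
gen_dns_rules $ALLOWED_NETS
```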
| All times are UTC-04:00 |