[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bind-users
Subject:    Re: Catch All Server - Null MX Setup
From:       Kevin Darcy <kcd () daimlerchrysler ! com>
Date:       2005-09-30 23:57:53
Message-ID: 433DD101.6050609 () daimlerchrysler ! com
[Download RAW message or body]

WiNNie wrote:

>The Name Servers are being used for a domain parking program, there is
>no email, so MX is of no use. My dedicated Name Servers are currently
>trying to cope with a throughput of 200-300k of data per second
>primarily on MX and AAAA record lookups, they are never followed up by
>an email or a visit to the relevant domain. It is basically an attack
>of some sort, so by shutting off the MX lookups I should be able to
>reduce the throughput, the AAAA lookups are a different case though as
>i cant simply shut them off.
>
Well, if they're not actually using the results of MX records for mail, 
and they'be basically just attacking you, how does it help to give them 
bogus results? If it's a relatively small number of clients or client 
ranges that are doing this, you could block the queries with 
allow-query, which can be specified at a zone level, and will save you a 
little bandwidth since REFUSED packets are smaller than data-bearing 
packets, or if you want to just snub them for everything, use blackhole, 
which nixes all return traffic and saves you a bunchload of bandwidth...

                                                                         
                                                   - Kevin



[prev in list] [next in list] [prev in thread] [next in thread]