| To: | dns@list.cr.yp.to |
|---|---|
| Subject: | Re: blocking IP ranges from querying tinydns |
| From: | John Levine <johnl@iecc.com> |
| Date: | 13 May 2007 21:05:46 -0000 |
| Cc: | mj@sci.fi |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | gmail-djbdns@securepoint.com |
| Delivered-to: | sp.com.list@gmail.com |
| Delivered-to: | mailing list dns@list.cr.yp.to |
| In-reply-to: | <46476E8E.8070000@sci.fi> |
| Mailing-list: | contact dns-help@list.cr.yp.to; run by ezmlm |
| Organization: |
> I basically would like to either block Cyveillance or even better, > return 127.0.0.1 for anything they query. > Any ideas on how to accomplish this, other than adding a lo record to >each of several thousand domains? I'd prefer a low-maintenance, global >blocking solution. a) adjust your router to reject traffic from them to port 53 on your DNS server. b) if your router is smart enough, do something NAT-like to route that traffic to a different server that returns different results c) everyone I know with a non-trivial set of domains to serve builds the data files with scripts. Adjusting those scripts to add the extra records for split horizon should take about 15 minutes. R's, John |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | blocking IP ranges from querying tinydns, Mike Jackson |
|---|---|
| Next by Date: | Re: blocking IP ranges from querying tinydns, Dean Anderson |
| Previous by Thread: | blocking IP ranges from querying tinydns, Mike Jackson |
| Next by Thread: | Re: blocking IP ranges from querying tinydns, Dean Anderson |
| Indexes: | [Date] [Thread] [Top] [All Lists] |