[DNSfirewalls] A non RPZ DNS firewall question
Francis Turner
francis at threatstop.com
Fri Jul 29 23:52:37 UTC 2022
At least I don't think it's an RPZ question because I don't believe it is part of the spec.
Is it possible in BIND or other DNS servers to filter based on RRTYPE, e.g. always replying NXDOMAIN to TXT queries or for that matter to other arbitrary TYPEXX queries? We have some customers who are seeing their public recursive DNS servers being abused by queries of this sort. It's possibly DDoS, it's possibly DNS tunnelling, it may be some other abuse, but either way they want it to stop - at least from certain users of their servers. Unfortunately neither they, nor I, can think of a good way to do this.
Regards
Francis
Francis Turner
Threat STOP Global SE
JP Cell: +81-8080404701 | US Cell: +1-760-402-7676
Office: +1-760-542-1550 | Skype: francis.turner.threatstop
francis at threatstop.com | www.threatstop.com
Weaponize Your Threat Intelligence
"If You Don't Build It, They Definitely Will Not Come" - P. Vixie