[DNSfirewalls] A non RPZ DNS firewall question
Brian Dickson
brian.peter.dickson at gmail.com
Sat Jul 30 02:57:41 UTC 2022
You may want to investigate using dnsdist and some of the capabilities it
has.
I'd suggest using something like "refused".
(Definitely not "servfail" as that will make the client retry repeatedly,
making things worse.)
You could also simply drop the queries silently, I think, as long as you're
fairly sure the sender is who they say they are.
(If you are in doubt, this is the poster child for using DNS cookies.)
Brian
On Fri, Jul 29, 2022 at 4:52 PM Francis Turner via DNSfirewalls <
dnsfirewalls at lists.redbarn.org> wrote:
> At least I don’t think it’s an RPZ question because I don’t believe it is
> part of the spec.
>
>
>
> Is it possible in Bind or other DNS servers to filter based on RRTYPE e.g.
> always replying NXDOMAIN to TXT queries or for that matter to other
> arbitrary TYPEXX queries? We have some customers who are seeing their
> public recursive DNS servers being abused by queries of this sort. It’s
> possibly DDOS, it’s possible DNS Tunnelling, it may be some other abuse but
> either way they want it to stop – at least from certain users of their
> servers. Unfortunately neither they, nor I, can think of a good way to do
> this
>
>
>
> Regards
>
>
>
> Francis
>
>
>
> *Francis Turner *
>
> Threat STOP Global SE
>
> JP Cell: +81-8080404701 | US Cell: +1-760-402-7676
>
> Office: +1-760-542-1550 | Skype: francis.turner.threatstop
>
> francis at threatstop.com | www.threatstop.com
>
> *Weaponize Your Threat Intelligence*
>
> “If You Don’t Build It, They Definitely Will Not Come” – P. Vixie
>
>
> _______________________________________________
> DNSfirewalls mailing list
> DNSfirewalls at lists.redbarn.org
> http://lists.redbarn.org/mailman/listinfo/dnsfirewalls
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.redbarn.org/pipermail/dnsfirewalls/attachments/20220729/9757b49d/attachment.htm>
More information about the DNSfirewalls
mailing list