[Unbound-users] Log deny client
W.C.A. Wijngaards
wouter at nlnetlabs.nl
Thu Apr 16 10:31:37 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi Lorenzo,
On 15/04/15 12:44, Lorenzo Mainardi wrote:
> Hello to everyone,
>
> I mantain a list of domains used for DNS amplification attack in
> /etc/unbound/local.d/blacklist.conf
>
> This file contains lines like this one:
>
>
>
> local-zone: "9222hh.com" deny
>
>
>
> Can I log this to identify the client sending the request?
>
> I see on the new release the inform feature, but the inform will
> reply anyway to query.
>
> Do you have any suggestions?
I have implemented inform_deny that logs and drops, in the code
repository.
You could set a stub-zone to an address that does not reply, as a
workaround.
Best regards,
Wouter
>
>
>
> * *
>
> *dig**it**el*
>
>
>
> Ing. Lorenzo Mainardi//
>
>
>
> Via della Fortezza 6 - 50129 Firenze
>
> www.digitelitalia.com <http://www.digitelitalia.com/> - 800 901
> 669
>
>
>
> Tel +39 055 4624933
>
> Fax +39 055 4624 947
>
> lom at digitelitalia.com <mailto:lom at digitelitalia.com>
>
>
>
>
>
>
>
> _______________________________________________ Unbound-users
> mailing list Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJVL4+JAAoJEJ9vHC1+BF+N8MMP/RTGPGSnsdeEeCT9axcldk3p
S7UpJ9+jY3yqhVc/wnWr7dJYHkIK7cbNdXkE1qQAcXEhxGF+hKa1KPoV2A6dIKeD
K2mUtiOCbNLAbBpHIhYFBSqcmiUamq5alVnXDPYVCnc7z75AbQDWJzPWyyi/GLSz
5LApRjLyx+uNFbCixg+5lwUdp6H01IWHSS45MWQFjtz4T7ZiRRSmmctT/EWqiV0O
KF/qZjTPtKqsVf4IZV9OMucDCb4vHSApMgOBbEuolDLvN5ycDmrReYRrKR9XB5VG
1QNxzY5+EXm/Lw++lI8uVVtn63gopci/lv/wJdBDGdZyOyKgHIIPyRRFqZib5XVP
oXvjUV4kjG6w8FLbTlXIOfPaLXUbaUAoOOXS8R/RVuIowSOrRKZWbEVSMfemPeel
DD9HZqMpcKtlLefVigNvDpM0IU2o2/VjE8M7gpw5vQIZqENssH2MTGV1zwXGnCQO
Ktxh0qJAuH8GXMdwDf3iufn/5kCvHMGpAKAY/4DpKTs1lmMS8+k2LQJDJKnkpbD4
Lf4AIwFoDrHxuGWxqYb+T9rxa/OsWbs7qkcXqKCe8XJsAqeAZTZsHKvQ0dxL5TMl
Y02Abj1qPgZWTuHq35s92oYtvOK3BrzhWbMpPz4itvOhlyh++yecVLfkyThlOzNQ
jGm7AJ85Zsfl3VTESfYp
=ydcQ
-----END PGP SIGNATURE-----
More information about the Unbound-users
mailing list