Python module to ignore query
Paul Wouters
paul at nohats.ca
Wed May 10 14:24:48 UTC 2017
On Tue, 9 May 2017, Eduardo Schoedler via Unbound-users wrote:
> No exist ip address like 333.x.x.x, for example.
>
> So, I wrote a python module to filter this questions.
But is that wise? If this malware ends up sending the DNS query
to a legitimate system DNS function, then such a DNS function
will retry the query a number of times to all the DNS resolvers
configured on the client. So you are actually making the problem
worse.
Filtering a DNS query on a recursor is almost never the right solution.
Paul
More information about the Unbound-users
mailing list