forged named bind queries

Hello everyone,

I'm getting a TON of queries on one of my shared servers, most of them likely faked, for sub.somedomain.com. How would I disallow any queries for that domain?

Since it is UDP, it is difficult for us to trace, as the original sender most likely doesn't care about the response packets and is instead using this machine to bounce queries elsewhere.

Example of log:

Jul 30 08:03:39 cp named[6408]: client 1.1.1.ip#1252: query: subsomedomain.com IN A
Jul 30 08:03:39 cp named[6408]: client 2.2.2.ip#33056: query: subsomedomain.com IN A



Thanks, any tips would be very much liked...
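
Added example, not part of the original post: Python that parses query-log lines in the layout shown above and reports names that are queried repeatedly from almost entirely distinct source addresses, the pattern forged sources produce. The function names, thresholds and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Layout taken from the log lines in the post:
#   "... named[pid]: client <addr>#<port>: query: <name> <class> <type>"
LINE_RE = re.compile(
    r"named\[\d+\]: client (?P<src>[^#\s]+)#\d+: "
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

def parse_line(line):
    """Return (source, qname, qtype) for a query-log line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # DNS names are case-insensitive and a trailing dot is the same name.
    return m["src"], m["qname"].lower().rstrip("."), m["qtype"]

def summarize(lines):
    """Map each queried name to (total queries, distinct source addresses)."""
    counts, sources = defaultdict(int), defaultdict(set)
    for rec in filter(None, map(parse_line, lines)):
        counts[rec[1]] += 1
        sources[rec[1]].add(rec[0])
    return {name: (counts[name], len(sources[name])) for name in counts}

def flood_candidates(lines, min_queries=3, min_spread=0.9):
    """Names queried often where almost every query shows a new source,
    the pattern forged source addresses produce. Both thresholds are
    assumptions to tune per server."""
    return sorted(name for name, (q, s) in summarize(lines).items()
                  if q >= min_queries and s / q >= min_spread)

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    "Jul 30 08:03:39 cp named[6408]: client 192.0.2.10#1252: query: sub.example.com IN A",
    "Jul 30 08:03:39 cp named[6408]: client 198.51.100.7#33056: query: sub.example.com IN A",
    "Jul 30 08:03:40 cp named[6408]: client 203.0.113.44#4011: query: SUB.example.com. IN A",
    "Jul 30 08:03:41 cp named[6408]: client 192.0.2.99#53211: query: www.example.org IN A",
    "Jul 30 08:03:42 cp named[6408]: client 192.0.2.99#53212: query: www.example.org IN MX",
    "Jul 30 08:03:42 cp named[6408]: starting BIND",
]

if __name__ == "__main__":
    for name, (q, s) in sorted(summarize(SAMPLE).items()):
        print(f"{name}: {q} queries from {s} sources")
    print("flood candidates:", flood_candidates(SAMPLE))
```

The regular expression covers only the log layout shown in the post; other BIND versions write additional fields on the query line and would need the pattern adjusted.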
