On 28/03/2012 10:21, Stephane Bortzmeyer wrote: >> The same IP address, produced a large number of requests within a >> very short period of time. Can I block these IPs? > > You probaably should not. The source IP address is forged, it is the > address of the victim. If you block it, the victim will not be able to > talk to your name servers.
As Stéphane says, do not block the address. It's probably better to rate-limit the address. You can do that on your server with iptables (Linux) or ipfw (*BSD) or on your router. Regards, Anand Buddhdev RIPE NCC _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
