andretw/bind_dlz.md

Last active August 29, 2015 14:04

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/andretw/388e5cb9cf883b8facb2.js"></script>
Save andretw/388e5cb9cf883b8facb2 to your computer and use it in GitHub Desktop.

Download ZIP

Bind and DLZ Memo

Raw

bind_dlz.md

Bind, DLZ

After Bind v9.6, DLZ included.

Disable the recusive query other than internal domains or ips

acl corpnets {
  36.231.157.56/32;
  114.34.18.168/32;
}
allow-recursion { corpnets; };

or disable all

resursion no;

In MySQL

dns_zones

domains

dns_records

@A
@NS
@SOA

Prevent DDoS attack

iptables -t raw -I PREROUTING -i eth0 -p udp --destination-port 53 \
    -m string --algo kmp --from 30 \
    --hex-string "|01000001000000000000|" -j DROP