-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Suresh Ramasubramanian wrote:
|
| Joe Shen wrote:
|
|> We noticed there are continuous name resolution requests
|> from IP addresses outside of our address pool and also
|> there are requests not conforming to DNS documents (
|> like those from 10/8, 192.168/16 or something for
|> microsoft proxy server name). We think these requests
|> waste our resource and we don't want these system
|> stable, secure and high performance.
|
|
| If the resolver caches are only supposed to be accessed from your IP
| space, I am sure you can easily throw in a router ACL to accept
| connections on port 53 only from these IPs.
|
| Oh, and filter out bogons at your borders while you are at it (like for
| example rfc1918 source addresses from outside your network)
|

And check out the CYMRU Secure Bind template at
http://www.cymru.com/Documents/secure-bind-template.html

- --
=========
bep

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)

iD8DBQFBIQ3HE1XcgMgrtyYRAuAXAJ4z6GI+X7nPL3wZZ2kvB30YGQ+B/QCeIagA
mqIz2gcRVeY+g2LVBjLc6dQ=
=iAkf
-----END PGP SIGNATURE-----
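
Added example, not part of the original thread: a short Python triage of resolver query logs that sorts source addresses into the three groups the messages above discuss (own pool, RFC 1918/bogon sources, other outside addresses), to size the problem before writing the ACL. The address pool, the BIND 9 querylog-style line format and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the resolver's own customer pool (documentation range as placeholder).
ALLOWED_NETS = [ipaddress.ip_network("198.51.100.0/24")]

# RFC 1918 space plus other sources that should never arrive from outside.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: BIND 9 querylog-style lines, "client <ip>#<port>: query: ...".
CLIENT_RE = re.compile(r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+")

# Constructed sample input, not taken from any real server.
SAMPLE_LOG = [
    "client 198.51.100.17#32801: query: www.example.com IN A",
    "client 10.4.2.9#1029: query: proxy.example.com IN A",
    "client 192.168.1.50#1045: query: wpad IN A",
    "client 203.0.113.77#53211: query: www.example.net IN A",
    "client 203.0.113.77#53212: query: mail.example.net IN MX",
    "client 198.51.100.200#40112: query: example.org IN NS",
    "zone example.com/IN: loaded serial 2004081601",
]

def classify(ip_text):
    """Return 'allowed', 'bogon' or 'external' for one source address."""
    ip = ipaddress.ip_address(ip_text)  # raises ValueError on junk
    if any(ip in net for net in ALLOWED_NETS):
        return "allowed"
    if any(ip in net for net in BOGON_NETS):
        return "bogon"
    return "external"

def triage(lines):
    """Count verdicts and tally every source that an ACL would drop."""
    verdicts, offenders = Counter(), Counter()
    for line in lines:
        m = CLIENT_RE.search(line)
        try:
            verdict = classify(m.group("ip")) if m else "unparsed"
        except ValueError:
            verdict = "unparsed"
        verdicts[verdict] += 1
        if verdict in ("bogon", "external"):
            offenders[(m.group("ip"), verdict)] += 1
    return verdicts, offenders

if __name__ == "__main__":
    counts, dropped = triage(SAMPLE_LOG)
    print(dict(counts))
    for (ip, why), n in dropped.most_common():
        print(f"{ip:15} {why:8} {n}")
```
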