[lug] recommended package to forward all DNS requests to single IP address?
bgiles at coyotesong.com
Sun Jun 23 15:57:17 MDT 2019
From some comments elsewhere it looks like what's actually going on may be
that my system was being used for 'dns amplification' attacks.
It looks like I managed to lock myself out, rendering this a moot issue.
H A T E
U B U N T U
N E T W O R K I N G
I've lost hours because a small change on my desktop broke everything and
the documentation has no relationship with reality. At least that's the
case with dnsmasq. I know it's not just my imagination since I tried making
a really safe change - increasing the size of the cache - and when I do a
kill -USR1 on the dnsmasq process it shows the same cache size. It doesn't
matter that I put the new setting under every dnsmasq.d directory. So it
makes me feel a little better that it's not my incompetence - but I've
still lost hours from this.
On Sun, Jun 23, 2019 at 12:52 PM ghe <ghe at slsware.net> wrote:
> On 6/23/19 11:46 AM, Bear Giles wrote:
> > Does anyone have a recommendation for a DNS server that forwards all
> > requests to a single IP address? Either a specialized one or just quick
> > notes on setting up a standard DNS server.
> I'm not sure what you're trying to do, but BIND/<that one on RIPE> +
> iptables do wonders.
> I'd think a packet filter (iptables) that allowed only one address to
> get to UDP 53 might do what you want to have happen (less the goatse
> pix, though). That's input. You could do something very similar on output.
> Glenn English
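The packet-filter idea from the quoted reply (only one address may reach UDP 53, with a matching restriction on output), written out as an added example that is not from either poster. Limiting who may query the resolver is also what keeps it from answering strangers in the kind of DNS amplification mentioned at the top of the message. The two addresses are constructed values from the 192.0.2.0/24 documentation range, and `is_ipv4` and `dns_rules` are names made up for this sketch.

```shell
#!/bin/sh
# Added example, not code from the thread. CLIENT and UPSTREAM are
# hypothetical addresses; is_ipv4 and dns_rules are names invented here.

# is_ipv4 ADDR: succeed only for a dotted quad whose octets are 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# dns_rules CLIENT UPSTREAM: print rules in iptables-restore format.
# Input:  only CLIENT (and loopback) may query this host on UDP 53.
# Output: this host may send UDP 53 queries only to UPSTREAM (and loopback).
# Replies are untouched: they carry source port 53, not destination port 53.
# Addresses are validated first so nothing unexpected lands in the rules.
dns_rules() {
    for addr in "$1" "$2"; do
        is_ipv4 "$addr" || { echo "not an IPv4 address: $addr" >&2; return 1; }
    done
    cat <<EOF
*filter
-A INPUT -i lo -p udp --dport 53 -j ACCEPT
-A INPUT -p udp --dport 53 -s $1 -j ACCEPT
-A INPUT -p udp --dport 53 -j DROP
-A OUTPUT -o lo -p udp --dport 53 -j ACCEPT
-A OUTPUT -p udp --dport 53 -d $2 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j DROP
COMMIT
EOF
}

# Print the rules for review when run directly with two arguments.
if [ "$#" -eq 2 ]; then dns_rules "$1" "$2"; fi
```

Review the printed rules, then check that they parse with `iptables-restore --noflush --test` before loading them. `--noflush` keeps the rules already in place, and because `-A` appends, an earlier ACCEPT for port 53 would still match first.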