how to deny DNS abuse

How do I deny DNS queries to my server from external hosts and allow only a short list of hosts to query it? The solution has to work for hosts with dynamic IPs.

allow-recursion { address_match_list };

seems to solve the problem; however, I can't see a way to use a hostname instead of an IP address (i.e. a dynamic IP registered with the dyndns.com server).
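One way to get a hostname into an address_match_list is to resolve it yourself on a schedule and regenerate the ACL that `allow-recursion` references. The script below is an added example, not part of the original question or any of the replies: it resolves a DynDNS name, writes a BIND `acl` block to an include file, and reloads named only when the address set actually changed. The ACL name `trusted`, the file path `/etc/bind/trusted.acl`, the hostname and the cron schedule are assumptions chosen for illustration; the tools used (`dig`, `named-checkconf`, `rndc`) are the standard BIND utilities.

```shell
#!/bin/sh
# Added example, not code from the original thread. Keeps a BIND
# allow-recursion ACL in sync with a DynDNS hostname.
# Assumed names: ACL "trusted", include file /etc/bind/trusted.acl.
#
# named.conf is expected to contain something like:
#   include "/etc/bind/trusted.acl";
#   options { allow-recursion { trusted; }; };

# Accept only a dotted-quad IPv4 address. "dig +short" also prints the
# CNAME target when the DynDNS name is an alias; a hostname must never
# end up inside the ACL, so anything that is not an address is dropped.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Render the contents of the ACL include file for a list of addresses.
render_acl() {
    name=$1
    shift
    printf 'acl "%s" {\n' "$name"
    for addr in "$@"; do
        printf '    %s;\n' "$addr"
    done
    printf '};\n'
}

# Resolve the hostname and keep only the A records, one per line.
current_addrs() {
    dig +short "$1" A | while IFS= read -r line; do
        is_ipv4 "$line" && printf '%s\n' "$line"
    done
}

# Rewrite the ACL only when the address set changed, check the config,
# then reload. If the name does not resolve, the old ACL is kept and the
# function returns non-zero, so a DynDNS outage never empties the list.
update_acl() {
    host=$1
    acl_file=$2
    addrs=$(current_addrs "$host")
    if [ -z "$addrs" ]; then
        echo "no A record for $host; keeping existing ACL" >&2
        return 1
    fi
    # word-splitting $addrs on newlines is intended here
    new=$(render_acl trusted $addrs)
    if [ -f "$acl_file" ] && [ "$new" = "$(cat "$acl_file")" ]; then
        return 0
    fi
    printf '%s\n' "$new" > "$acl_file.tmp" && mv "$acl_file.tmp" "$acl_file"
    named-checkconf && rndc reload
}

# Run from cron every few minutes (assumed schedule), e.g.:
#   */5 * * * * /usr/local/sbin/update-acl.sh run myhost.dyndns.org /etc/bind/trusted.acl
if [ "${1:-}" = run ]; then
    update_acl "$2" "$3"
fi
```

Two caveats a practitioner will want to keep in mind. First, there is a window between the client's address changing and the next cron run (plus the DynDNS record's TTL) during which the old address, which may now belong to someone else, can still recurse through the server; a short interval narrows that window but cannot close it, which is why the VPN/SSH approach suggested below is the stricter option. Second, `allow-recursion` only governs recursive lookups; if the server is a pure recursive resolver, reference the same `trusted` ACL from `allow-query-cache` as well so cached answers are not handed out to everyone.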

3 Replies

I've never heard of a DNS daemon that does what you want out of the box, but there are a few roundabout ways you may be able to approximate the behavior.

The easiest way I can think of is to use a VPN or SSH tunnel to route DNS queries through. Unfortunately, it adds an extra step in setup and adds latency to your connections, but it at least would achieve the goal.

Without knowing more about what you're trying to achieve and the sort of clients you want to serve, it's difficult to give a better answer.

James

dnscache, found in the djbdns software package[1], is able to restrict which IP addresses and IP address ranges are allowed to query the DNS server.

[1] http://cr.yp.to/djbdns.html

Cheers,

Nick

You might also look to see what network ranges dyndns.com uses, then use iptables to allow those networks access to port 53 (denying everything else). Far from a perfect solution but it would narrow it down a lot.
