Maintained by: NLnet Labs

[Unbound-users] Log deny client

W.C.A. Wijngaards
Thu Apr 16 12:31:37 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Lorenzo,

On 15/04/15 12:44, Lorenzo Mainardi wrote:
> Hello to everyone,
> 
> I mantain a list of domains used for DNS amplification attack in 
> /etc/unbound/local.d/blacklist.conf
> 
> This file contains lines like this one:
> 
> 
> 
> local-zone: "9222hh.com" deny
> 
> 
> 
> Can I log this to identify the client sending the request?
> 
> I see on the new release the inform feature, but the inform will
> reply anyway to query.
> 
> Do you have any suggestions?

I have implemented inform_deny that logs and drops, in the code
repository.

You could set a stub-zone to an address that does not reply, as a
workaround.

Best regards,
   Wouter

> 
> 
> 
> * *
> 
> *dig**it**el*
> 
> 
> 
> Ing. Lorenzo Mainardi//
> 
> 
> 
> Via della Fortezza 6 - 50129 Firenze
> 
> www.digitelitalia.com <http://www.digitelitalia.com/> - 800 901
> 669
> 
> 
> 
> Tel +39 055 4624933
> 
> Fax +39 055 4624 947
> 
> lom at digitelitalia.com <mailto:lom at digitelitalia.com>
> 
> 
> 
> 
> 
> 
> 
> _______________________________________________ Unbound-users
> mailing list Unbound-users at unbound.net 
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJVL4+JAAoJEJ9vHC1+BF+N8MMP/RTGPGSnsdeEeCT9axcldk3p
S7UpJ9+jY3yqhVc/wnWr7dJYHkIK7cbNdXkE1qQAcXEhxGF+hKa1KPoV2A6dIKeD
K2mUtiOCbNLAbBpHIhYFBSqcmiUamq5alVnXDPYVCnc7z75AbQDWJzPWyyi/GLSz
5LApRjLyx+uNFbCixg+5lwUdp6H01IWHSS45MWQFjtz4T7ZiRRSmmctT/EWqiV0O
KF/qZjTPtKqsVf4IZV9OMucDCb4vHSApMgOBbEuolDLvN5ycDmrReYRrKR9XB5VG
1QNxzY5+EXm/Lw++lI8uVVtn63gopci/lv/wJdBDGdZyOyKgHIIPyRRFqZib5XVP
oXvjUV4kjG6w8FLbTlXIOfPaLXUbaUAoOOXS8R/RVuIowSOrRKZWbEVSMfemPeel
DD9HZqMpcKtlLefVigNvDpM0IU2o2/VjE8M7gpw5vQIZqENssH2MTGV1zwXGnCQO
Ktxh0qJAuH8GXMdwDf3iufn/5kCvHMGpAKAY/4DpKTs1lmMS8+k2LQJDJKnkpbD4
Lf4AIwFoDrHxuGWxqYb+T9rxa/OsWbs7qkcXqKCe8XJsAqeAZTZsHKvQ0dxL5TMl
Y02Abj1qPgZWTuHq35s92oYtvOK3BrzhWbMpPz4itvOhlyh++yecVLfkyThlOzNQ
jGm7AJ85Zsfl3VTESfYp
=ydcQ
-----END PGP SIGNATURE-----