Maintained by: NLnet Labs

Python module to ignore query

Paul Wouters
Wed May 10 16:24:48 CEST 2017


On Tue, 9 May 2017, Eduardo Schoedler via Unbound-users wrote:

> No exist ip address like 333.x.x.x, for example.
>
> So, I wrote a python module to filter this questions.

But is that wise? If this malware ends up sending the DNS query
to a legitimate system DNS function, then such a DNS function
will retry the query a number of times to all the DNS resolvers
configured on the client. So you are actually making the problem
worse.

Filtering a DNS query on a recursor is almost never the right solution.

Paul