Lorenzo Mainardi
2015-04-15 10:44:05 UTC
Hello to everyone,
I mantain a list of domains used for DNS amplification attack in
/etc/unbound/local.d/blacklist.conf
This file contains lines like this one:
local-zone: "9222hh.com" deny
Can I log this to identify the client sending the request?
I see on the new release the inform feature, but the inform will reply
anyway to query.
Do you have any suggestions?
digitel
Ing. Lorenzo Mainardi
Via della Fortezza 6 - 50129 Firenze
<http://www.digitelitalia.com/> www.digitelitalia.com - 800 901 669
Tel +39 055 4624933
Fax +39 055 4624 947
***@digitelitalia.com <mailto:***@digitelitalia.com>
I mantain a list of domains used for DNS amplification attack in
/etc/unbound/local.d/blacklist.conf
This file contains lines like this one:
local-zone: "9222hh.com" deny
Can I log this to identify the client sending the request?
I see on the new release the inform feature, but the inform will reply
anyway to query.
Do you have any suggestions?
digitel
Ing. Lorenzo Mainardi
Via della Fortezza 6 - 50129 Firenze
<http://www.digitelitalia.com/> www.digitelitalia.com - 800 901 669
Tel +39 055 4624933
Fax +39 055 4624 947
***@digitelitalia.com <mailto:***@digitelitalia.com>