Re: Can one construct an IPTables rule to block on NS records?




On 10/6/2015 6:34 AM, Leon Fauster wrote:
> --On Monday, October 05, 2015 10:46 AM -0400 "James B. Byrne" <byrnejb@xxxxxxxxxxxxx> wrote:
>
>> So, is there any convenient way to construct an IPTables rule to block
>> all IPs associated with a given Domain Name server?
>
> IPs have the reverse lookup "associated" with a NS.
>
> What do you mean with "associated"?
> Do you mean all IPs that this DNS server resolves to
> (A-Records in zone) (how do you know for what zone
> the NS gives authoritative answers)?
>
> Or just the domain name server IPs of a given
> domain name (NS records)?
>
> What are you trying to solve?

I wondered much the same. Most NS servers won't allow you to do a zone transfer to find all the A/AAAA records in a given domain. Doing a reverse DNS lookup on every incoming/outgoing socket connection would be beyond painful; it would bring your network to its knees, as the reverse DNS zones are often broken.



--
john r pierce, recycling bits in santa cruz
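The one reading of the question that is actually workable is the second one Leon raises: block the addresses of the nameservers listed in a domain's NS records, rather than every host in the zone (which, as noted above, cannot be enumerated without a zone transfer). The script below is an added example, not code from anyone in this thread; it assumes dig-style answer lines as input, uses a constructed sample zone (example.com, 192.0.2.x, 2001:db8::) in place of live lookups, and only prints the iptables/ip6tables rules so they can be reviewed before use.

```shell
#!/bin/sh
# Constructed sample of dig-style answer lines (not real data): the NS records
# of a zone followed by A/AAAA lookups of the nameservers they name.
SAMPLE_ANSWERS='example.com.      3600 IN NS   ns1.example.com.
example.com.      3600 IN NS   ns2.example.com.
ns1.example.com.  3600 IN A    192.0.2.10
ns1.example.com.  3600 IN AAAA 2001:db8::10
ns2.example.com.  3600 IN A    192.0.2.11'

# Read dig-style answer lines on stdin; print every address (A or AAAA) that
# belongs to a host named in an NS record, one per line, sorted and unique.
ns_addresses() {
    awk '
        $4 == "NS"                 { ns[$5] = 1 }
        $4 == "A" || $4 == "AAAA"  { addr[$1] = addr[$1] " " $5 }
        END {
            for (n in ns) {
                cnt = split(addr[n], a, " ")
                for (i = 1; i <= cnt; i++) print a[i]
            }
        }' | LC_ALL=C sort -u
}

# Turn one address per line into iptables/ip6tables DROP rules. The rules are
# printed, not executed, so they can be reviewed before being applied.
drop_rules() {
    while read -r ip; do
        case "$ip" in
            *:*) echo "ip6tables -A INPUT -s $ip -j DROP" ;;
            *)   echo "iptables -A INPUT -s $ip -j DROP" ;;
        esac
    done
}

# Stand-alone run: with live data, replace the sample with the output of
# `dig +noall +answer example.com NS` plus a lookup of each listed nameserver.
printf '%s\n' "$SAMPLE_ANSWERS" | ns_addresses | drop_rules
```

Nameserver addresses change over time, so rules generated this way need to be regenerated periodically rather than installed once.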

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos


