[Fwd: Re: Can one construct an IPTables rule to block on NS records?]




Hit reply instead of reply all.  This is for the list.

-------------------------- Original Message --------------------------
Subject: Re:  Can one construct an IPTables rule to block on
NS records?
From:    "James B. Byrne" <byrnejb@xxxxxxxxxxxxx>
Date:    Wed, October 7, 2015 08:52
To:      "John R Pierce" <pierce@xxxxxxxxxxxx>
----------------------------------------------------------------------


On Tue, October 6, 2015 13:36, John R Pierce wrote:
> On 10/6/2015 6:34 AM, Leon Fauster wrote:
>> --On Monday, October 05, 2015 10:46 AM -0400 "James B.
>> Byrne"<byrnejb@xxxxxxxxxxxxx>  wrote:
>>
>>> > So, is there any convenient way to construct an IPTables rule to block
>>> > all IPs associated with a given Domain Name server?
>> IPs have the reversed lookup "associated" with a NS.
>>
>> What do you mean with "associated"?
>>
>> Do you mean all IPs that this DNS server resolves to
>> (A-Records in zone) (how do you know for what zone
>> the NS gives authoritative answers)?
>>
>> Or just the domain name server IPs of a given
>> domain name (NS records)?
>>
>> What are you trying to solve?
>
> I wondered much the same.    most NS servers won't allow you to do a
> zone transfer to find all the A/AAAA records in a given domain. doing a
> reverse DNS lookup on every incoming/outgoing socket connection would be
> beyond painful, it would bring your network to its knees as the reverse
> DNS zones are often broken.
>
>
>


I am well aware of the costs of DNS lookups, which is why I worded the
question as broadly as I did.  In the end whois provided the necessary
information.

Thanks to all who replied and provided advice.

Regards


-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
James B. Byrne                mailto:ByrneJB@xxxxxxxxxxxxx
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos


