On 6 October 2015 at 00:46, James B. Byrne byrnejb@harte-lyne.ca wrote:
> So, is there any convenient way to construct an IPTables rule to block all IPs associated with a given Domain Name server?
You can use ipsets to block a large collection of IP addresses with netfilter. I block various problematic countries that way.
The problem is getting _all_ the IP addresses associated with a DNS server. I don't think that is going to be easy/possible, unless that DNS server has been badly misconfigured.
K
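
The ipset approach mentioned in the reply above, as an added example that is not part of the original message: a shell function that turns a list of IPv4 addresses or networks into an `ipset restore` script, which loads a temporary set and swaps it into place. It assumes the address list has already been obtained by some other means; the set name `blocklist`, the file name `networks.txt` and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example. The set name "blocklist" and the sample networks are
# constructed (RFC 5737 documentation ranges), not taken from the thread.

gen_ipset_restore() {
    # $1 = live set name; stdin = one IPv4 address or CIDR per line.
    set_name=$1
    tmp_name="${set_name}-tmp"

    # Both sets must exist with the same type before they can be swapped.
    printf 'create %s hash:net family inet\n' "$set_name"
    printf 'create %s hash:net family inet\n' "$tmp_name"
    printf 'flush %s\n' "$tmp_name"

    # Drop comments and whitespace, keep well-formed entries only, dedupe.
    # A /0 prefix is refused so a bad line can never match every source.
    sed -e 's/#.*//' -e 's/[[:space:]]//g' |
    awk -F'[./]' '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ {
            if ($1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 &&
                (NF == 4 || ($5 >= 1 && $5 <= 32)))
                print
        }' |
    sort -u |
    while read -r net; do
        printf 'add %s %s\n' "$tmp_name" "$net"
    done

    # The swap is atomic, so the live set is never seen half-loaded.
    printf 'swap %s %s\n' "$tmp_name" "$set_name"
    printf 'destroy %s\n' "$tmp_name"
}

# Constructed sample input: a duplicate, a junk line and an invalid prefix.
SAMPLE='192.0.2.0/24   # constructed entry
198.51.100.7
not-an-address
203.0.113.0/33
192.0.2.0/24'

printf '%s\n' "$SAMPLE" | gen_ipset_restore blocklist

# To apply as root (-exist tolerates sets that already exist):
#   gen_ipset_restore blocklist < networks.txt | ipset -exist restore
# One netfilter rule then covers the whole set:
#   iptables -I INPUT -m set --match-set blocklist src -j DROP
```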