fabian dacunha wrote:
> Dear Robert,
>
> Really appreciate your quick reply and thanks for the same..
>
> it worked beautifully..
> the badguys acl
>
> now just for my information if u can help me
>
> by the way i had sent a mail to the owners of the ips and they replied to
> me saying that they had a DDOS attack on their server n it's been stopped 5
> days ago .
>
> now i wd like to know if it was really stopped wht were the messages stating
>

A request to look up a ns record

> was my server querying their server
> or their server querying mine
>

You got a udp packet from who knows where.

> since a rule in my firewall which blocked the below IP did not help
>

Huh? Then maybe there is something wrong with the rule. I basically just drop such packets on the floor.

> appreciate ur kind help
>
> the messages in my logs are
>
> Feb 22 21:45:36 kmdns1 named[2087]: client 62.109.4.89#24308: query (cache) './NS/IN' denied
> Feb 22 21:45:37 kmdns1 named[2087]: client 62.109.4.89#31958: query (cache) './NS/IN' denied
> Feb 22 21:45:38 kmdns1 named[2087]: client 62.109.4.89#29069: query (cache) './NS/IN' denied
> Feb 22 21:45:38 kmdns1 named[2087]: client 62.109.4.89#35868: query (cache) './NS/IN' denied
> Feb 22 21:45:39 kmdns1 named[2087]: client 62.109.4.89#26792: query (cache) './NS/IN' denied
>
> but moment i made the changes as suggested by u in my named.conf the
> messages stopped perfectly
>

This just shows that your authoritative bind server was configured correctly. Congratulations!
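
The denied-query entries quoted in the message can be tallied per apparent source address to see which clients keep repeating the root NS query. This is an added example, not part of the original message: the function names, thresholds and the last two sample lines are assumptions, and because the queries arrive over UDP the logged address may be spoofed.

```python
import re
from datetime import datetime

# First five lines are the entries quoted in the message (line wraps rejoined);
# the last two are constructed for contrast, using documentation addresses.
SAMPLE_LOG = """\
Feb 22 21:45:36 kmdns1 named[2087]: client 62.109.4.89#24308: query (cache) './NS/IN' denied
Feb 22 21:45:37 kmdns1 named[2087]: client 62.109.4.89#31958: query (cache) './NS/IN' denied
Feb 22 21:45:38 kmdns1 named[2087]: client 62.109.4.89#29069: query (cache) './NS/IN' denied
Feb 22 21:45:38 kmdns1 named[2087]: client 62.109.4.89#35868: query (cache) './NS/IN' denied
Feb 22 21:45:39 kmdns1 named[2087]: client 62.109.4.89#26792: query (cache) './NS/IN' denied
Feb 22 21:46:02 kmdns1 named[2087]: client 192.0.2.53#40112: query (cache) './NS/IN' denied
Feb 22 21:46:05 kmdns1 named[2087]: client 198.51.100.7#51544: query (cache) 'example.com/A/IN' denied
"""

DENIED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ named\[\d+\]: "
    r"client (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+): "
    r"query \(cache\) '(?P<name>\S+)/(?P<qtype>\w+)/(?P<qclass>\w+)' denied"
)


def summarize_denied(log_text, qname=".", qtype="NS"):
    """Per apparent source IP: denied-query count plus first/last timestamps."""
    stats = {}
    for line in log_text.splitlines():
        m = DENIED.match(line)
        if not m or m["name"] != qname or m["qtype"] != qtype:
            continue
        # Syslog timestamps carry no year; 2000 is an arbitrary placeholder.
        ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
        s = stats.setdefault(m["ip"], {"count": 0, "first": ts, "last": ts})
        s["count"] += 1
        s["first"], s["last"] = min(s["first"], ts), max(s["last"], ts)
    return stats


def flag_sources(stats, min_count=5, min_rate=0.5):
    """IPs with at least min_count denied queries at min_rate per second or more."""
    flagged = []
    for ip, s in stats.items():
        span = max((s["last"] - s["first"]).total_seconds(), 1.0)
        if s["count"] >= min_count and s["count"] / span >= min_rate:
            flagged.append(ip)
    return sorted(flagged)


if __name__ == "__main__":
    for ip in flag_sources(summarize_denied(SAMPLE_LOG)):
        print(ip)
```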