
bindguard udp 53 nameserver 네임서버 무작위 질의(random query flood) 차단

CHOMAN 2015. 5. 20. 15:02

http://bindguard.activezone.de/


rpm 버전(chroot 구성의 BIND 패키지)에 설치해 봤음


vi named.conf 수정 (chroot 구성이면 보통 /var/named/chroot/etc/named.conf). 주의: BIND 는 acl 을 참조하기 전에 먼저 정의해야 하므로, bogon.conf 의 include 는 options { blackhole { "bogon"; }; } 보다 위에 두어야 한다. 수정 후 named-checkconf 로 문법 검사를 하고 rndc reload 한다.


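// The "bogon" ACL is referenced in options.blackhole below. BIND requires an
// acl to be defined before it is used (otherwise named-checkconf reports
// "undefined ACL 'bogon'"), so the include must come first, not at the end.
// The path is relative to the chroot (/var/named/chroot on this setup).
include "/etc/bogon.conf";

options {
        // BINDGUARD settings [ start ]
        // Silently drop every packet from the addresses in the "bogon" ACL.
        // Blackholed clients get no answer at all (no NXDOMAIN, no REFUSED),
        // and named will not send its own queries to those addresses either.
        blackhole { "bogon"; };
        // BINDGUARD settings [ end ]

        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Those options should be used carefully because they disable port
        // randomization (leaves the server open to cache-poisoning guesses)
        // query-source    port 53;
        // query-source-v6 port 53;

        // Hide the real BIND version from version.bind CHAOS queries.
        version "kensei nameserver";

        // Authoritative-only profile: answer anyone, never recurse,
        // serve cached data only to localhost, transfer zones only to localhost.
        allow-query     { any; };
        allow-query-cache { localhost; };
        allow-transfer { 127.0.0.1; };
        recursion no;
//      allow-recursion {127.0.0.1;};
};

logging {
        // Per-query log. Configuring the "queries" category turns query
        // logging on; this is presumably the file bindguard parses — confirm.
        // NOTE(review): the file is not rotated here; a query flood (the very
        // thing bindguard defends against) will grow it without bound. Consider
        // `file "/var/log/queries" versions 5 size 50m;` after checking that
        // bindguard copes with rotation (it may tail the file by name).
        channel querylog {
                file "/var/log/queries";
                severity debug 1;
                print-time yes;
        };
        category queries { querylog; };

        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

// Despite its name this view matches every client and destination; it is the
// only view, and BIND requires all zones to live inside views once one exists.
view localhost_resolver {
        match-clients      { any; };
        match-destinations { any; };
        recursion no;
        include "/etc/named.rfc1912.zones";
};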


vi /var/named/chroot/etc/bogon.conf (없으면 생성해준다) — named.conf 의 include "/etc/bogon.conf" 는 chroot 기준 경로이므로 실제 파일은 여기에 둔다.


// Address match list used by options { blackhole { "bogon"; }; }.
// One entry per line; a bare address and an explicit /32 mean the same host.
acl "bogon" {
        192.168.0.1/32;
        192.168.0.2/32;
};


192.168.0.1 ~ 2 에서 오는 패킷을 named 가 응답 없이 버린다는 의미. blackhole 은 포트 단위 설정이 아니라 named 가 받는 모든 패킷에 적용되지만, 이 설정에서는 named 가 53번 포트만 listen 하므로 결과적으로 DNS(53) 만 차단된다. 다른 서비스 포트는 iptables 등으로 별도 차단해야 한다. 또한 blackhole 에 있는 주소로는 named 가 자신의 질의도 보내지 않는다. bogon.conf 를 바꾼 뒤에는 rndc reload(또는 reconfig) 를 해야 반영된다.