[73263] in North American Network Operators' Group
Re: Summary with further Question: Domain Name System protection
daemon@ATHENA.MIT.EDU (vijay gill)
Tue Aug 17 15:22:16 2004
Date: Tue, 17 Aug 2004 19:21:15 +0000
From: vijay gill <vgill@vijaygill.com>
To: bmanning@vacation.karoshi.com
Cc: Joe Shen <joe_hznm@yahoo.com.sg>, Bill Woodcock <woody@pch.net>,
nanog@merit.edu
In-Reply-To: <20040817035717.GA20777@vacation.karoshi.com.>
Errors-To: owner-nanog-outgoing@merit.edu
On Tue, Aug 17, 2004 at 03:57:17AM +0000, bmanning@vacation.karoshi.com wrote:
> > 5. 'bogon'in BIND configuration could be used to
> > filter requests from RFC1918 address;
>
> this should be pushed to
> the router. don't waste CPU cycles
> on the Nameserver.
Hosts tend to be a faster writeoff cycle than routers in companies I've
worked at, therefore getting the benefit of moores law about 25% faster
than the routers. Turn on firewalling in the host. That said, I do
filter 1918 at my edge.
/vijay
