[dns-operations] A DNS and network security forced marriage
Ray.Bellis at nominet.org.uk
Mon Mar 15 16:29:07 UTC 2010
> As others have already said, this is a pretty invasive approach and may
> backfire in both operational (domains you really need to access) and
> security (too much reliance on this) ways.
>
> What I'd recommend to you is to push the whole idea from a counter-measure
> approach to a detection approach: Try to get query-logs out of your
> recursors (either directly from the nameserver or using some
> packet-capturing setup) and match them against your list of malicious
> domains.
>
> That way, you can work aggressively on cleaning up bot infections, get some
> statistics on false positives without causing collateral damage, and thus
> solve the core of the problem (bot infections) and not just try to put
> band-aid on them.
+1
Ray
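
The detection approach recommended in the quoted message, sketched as an added example that is not part of the original thread: recursor query-log lines are matched against a malicious-domain list by DNS label suffix (so subdomains of a listed name count, but lookalike names do not) and hits are tallied per client. The log format is only loosely modelled on a BIND-style query log, and the blocklist, addresses and log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed blocklist (reserved example names, not real indicators).
BLOCKLIST = {"c2.example", "bad-updates.test"}

# Constructed query-log lines; the exact layout is an assumption.
SAMPLE_LOG = """\
15-Mar-2010 16:01:02.123 client 192.0.2.10#53211: query: www.example.org IN A +
15-Mar-2010 16:01:03.456 client 192.0.2.11#40112: query: beacon.C2.example. IN A +
15-Mar-2010 16:01:04.789 client 192.0.2.11#40113: query: c2.example IN TXT +
15-Mar-2010 16:01:05.000 client 192.0.2.12#50000: query: notc2.example IN A +
15-Mar-2010 16:01:06.111 client 198.51.100.7#33333: query: x.bad-updates.test IN AAAA +
garbage line that does not parse
"""

# Client address (IPv4 or IPv6), source port, then the queried name and type.
LINE_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+.*?: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

def listed_parent(qname, blocklist):
    """Return the blocklist entry equal to qname or a parent of it, else None."""
    # DNS names are case-insensitive and may carry a trailing root dot.
    labels = qname.lower().rstrip(".").split(".")
    # Compare whole labels only: "notc2.example" must not match "c2.example".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def match_log(lines, blocklist):
    """Map client IP -> {listed domain: hit count}; unparsable lines are skipped."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        entry = listed_parent(m.group("qname"), blocklist)
        if entry:
            hits[m.group("ip")][entry] += 1
    return {ip: dict(domains) for ip, domains in hits.items()}

if __name__ == "__main__":
    for ip, domains in sorted(match_log(SAMPLE_LOG.splitlines(), BLOCKLIST).items()):
        print(ip, domains)
```

Because nothing is blocked, a wrong list entry shows up only as an extra line in this report rather than as a broken lookup for users.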