[dns-operations] A DNS and network security forced marriage

Ray.Bellis at nominet.org.uk Ray.Bellis at nominet.org.uk
Mon Mar 15 16:29:07 UTC 2010


> As others have already said, this is a pretty invasive approach and may
> backfire in both operational (domains you really need to access) and
> security (too much reliance on this) ways.
> 
> What I'd recommend to you is to push the whole idea from a counter-measure
> approach to a detection approach: Try to get query-logs out of your
> recursors (either directly from the nameserver or using some
> packet-capturing setup) and match them against your list of malicious domains.
>
> That way, you can work aggressively on cleaning up bot infections, get some
> statistics on false positives without causing collateral damage, and thus
> solve the core of the problem (bot infections) and not just try to put
> band-aid on them.

+1

Ray
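
Added example, not part of the original message or the quoted post: a sketch of the detection approach described in the quote, matching recursor query logs against a list of malicious domains and reporting which clients asked for them, without blocking anything. The BIND 9 style querylog format, the function names and all sample data are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumed BIND 9 style querylog line; adjust the regex for other resolvers.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+.*?: "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

def normalise(name):
    """Lower-case and drop the trailing root dot so names compare equal."""
    return name.lower().rstrip(".")

def listed_parent(qname, bad_domains):
    """Return the listed domain that qname equals or falls under, else None."""
    # Compare whole labels, so 'notc2.example' never matches 'c2.example'.
    labels = normalise(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in bad_domains:
            return candidate
    return None

def find_hits(log_lines, bad_domains):
    """Map client IP -> {listed domain: query count}; nothing is blocked."""
    bad = {normalise(d) for d in bad_domains}
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line, or a format this regex does not cover
        match = listed_parent(m.group("qname"), bad)
        if match:
            hits[m.group("ip")][match] += 1
    return {ip: dict(domains) for ip, domains in hits.items()}

# Constructed sample data (documentation addresses and reserved names).
SAMPLE_BAD = ["c2.example", "Dropzone.Example.NET."]
SAMPLE_LOG = [
    "15-Mar-2010 16:20:01.101 client 192.0.2.10#53124: query: www.example.org IN A +",
    "15-Mar-2010 16:20:02.310 client 192.0.2.23#40112: query: update.c2.example IN A +",
    "15-Mar-2010 16:20:02.911 client 192.0.2.23#40113: query: C2.EXAMPLE. IN AAAA +",
    "15-Mar-2010 16:20:03.005 client 192.0.2.10#53125: query: notc2.example IN A +",
    "15-Mar-2010 16:20:04.440 client @0x7f3a1c0 2001:db8::5#61000 (a.dropzone.example.net): query: a.dropzone.example.net IN A + (192.0.2.1)",
]

if __name__ == "__main__":
    for ip, domains in sorted(find_hits(SAMPLE_LOG, SAMPLE_BAD).items()):
        print(ip, domains)
```

The per-client counts give a clean-up worklist, and reviewing the matched names against known-good services gives the false-positive statistics without any resolution being affected.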