[dns-operations] blocking malicious dns traffic
William Taylor
williamt at corp.sonic.net
Thu Jul 3 23:41:33 UTC 2014
Here is something I put together to block some malicious SERVFAILS we
have been seeing coming from exploited customers.
Currently geared towards bind but could be easily adapted to work with
other dns servers.
Basically it listens to the interface for SERVFAIL traffic matching
against a pattern. Once it hits a definable threshold
it will add them to a zone file to be blocked. You could collect stats
from this if you like and add to firewalls or notify your customers, etc.
https://github.com/willt/dnsbff
Let me know what you think.
Thanks,
William
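
The threshold logic described in the message above, as an added example that is not part of the original post and is not code from dnsbff: it counts pattern-matching SERVFAIL responses per queried zone over constructed sample events and renders BIND zone stanzas for the zones that trip. The pattern, threshold, window, per-zone counting and the zone file path are all assumptions.

```python
import re
from collections import defaultdict, deque

# Constructed sample events: (epoch seconds, client IP, query name, rcode).
SAMPLE = [
    (100, "192.0.2.10", "a8f3kq.victim.example.", "SERVFAIL"),
    (105, "192.0.2.11", "zz91xw.victim.example.", "SERVFAIL"),
    (110, "192.0.2.10", "www.victim.example.", "NOERROR"),
    (120, "192.0.2.10", "q7m2pd.victim.example.", "SERVFAIL"),
    (130, "198.51.100.7", "k3j9sd.quiet.example.", "SERVFAIL"),
    (400, "198.51.100.7", "p0o9i8.quiet.example.", "SERVFAIL"),
    (800, "198.51.100.7", "m4n5b6.quiet.example.", "SERVFAIL"),
]

# Assumed pattern: one long alphanumeric label in front of a zone name.
# The character classes also keep the captured zone safe to write into config.
PATTERN = re.compile(r"^[a-z0-9]{6,}\.(?P<zone>[a-z0-9-]+\.example)\.$")
THRESHOLD = 3   # matching SERVFAILs per zone ...
WINDOW = 60     # ... seen within this many seconds


def zones_to_block(events, pattern=PATTERN, threshold=THRESHOLD, window=WINDOW):
    """Return zones that reach `threshold` matching SERVFAILs inside `window`."""
    recent = defaultdict(deque)   # zone -> timestamps still inside the window
    blocked = []
    for ts, _client, qname, rcode in events:
        match = pattern.match(qname.lower())
        if rcode != "SERVFAIL" or not match:
            continue
        zone = match.group("zone")
        seen = recent[zone]
        seen.append(ts)
        while ts - seen[0] >= window:   # expire hits older than the window
            seen.popleft()
        if len(seen) >= threshold and zone not in blocked:
            blocked.append(zone)
    return blocked


def bind_stanzas(zones, zone_file="/etc/bind/db.blocked"):
    """Render one named.conf zone statement per blocked zone (path is assumed)."""
    return "".join(
        f'zone "{z}" {{ type master; file "{zone_file}"; }};\n' for z in zones
    )


if __name__ == "__main__":
    print(bind_stanzas(zones_to_block(SAMPLE)), end="")
```

The sliding window keeps a slow trickle of failures (the `quiet.example` events) from ever reaching the threshold, which is the main guard against blocking a zone that is merely having an outage.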