<tt><font size=2><br>
> As others have already said, this is a pretty invasive approach and
may<br>
> backfire in both operational (domains you really need to access) and<br>
> security (too much reliance on this) ways.<br>
> <br>
> What I'd recommend to you is to push the whole idea from a counter-measure<br>
> approach to a detection approach: Try to get query-logs out of your<br>
> recursors (either directly from the nameserver or using some<br>
> packet-capturing setup) and match them against your list of malicious
domains.<br>
> <br>
> That way, you can work aggressively on cleaning up bot infections,
get some<br>
> statistics on false positives without causing collateral damage, and
thus<br>
> solve the core of the problem (bot infections) and not just try to
put<br>
> band-aid on them.<br>
</font></tt>
<br><tt><font size=2>+1</font></tt>
<br>
<br><tt><font size=2>Ray</font></tt>
<br>