Mar 3rd, 2003 20:09
Brian Coogan,
If I have an ip/10 file to allow dnscache to answer all queries coming from 10.x.x.x hosts, how would I set things up to answer queries from all 10.x.x.x hosts except 10.52.24.241, without needing to ban all of 10.x.x.x?

Answer: Create ip/10.* files that specifically cover every range other than the address (or range of addresses) you want to ignore, then remove the broader ip/10 file. For instance, to allow 10.x.x.x but ignore 10.52.24.241:

    cd /service/dnscache/root/ip
    # every 10.N except 10.52
    for FFF in `seq 0 51` `seq 53 255`; do touch 10.$FFF; done
    # every 10.52.N except 10.52.24
    for FFF in `seq 0 23` `seq 25 255`; do touch 10.52.$FFF; done
    # every 10.52.24.N except 10.52.24.241
    for FFF in `seq 0 240` `seq 242 255`; do touch 10.52.24.$FFF; done
    # remove the catch-all last, so other clients are never locked out
    rm 10

This same technique works for both permanently and temporarily blocking an IP address from querying a dnscache server. See http://cr.yp.to/djbdns/dnscache.html for further details.

Note: "seq" is a command that prints all numbers between and including the first and second arguments; for example, "seq 1 3" prints "1 2 3". As seq may not be available in all Unix flavours, a trivial script to implement it would be:

    #! /bin/sh
    # print the integers from $1 to $2 inclusive, one per line
    awk 'BEGIN { for (i = '$1'; i <= '$2'; i++) print i; exit }'

(As an aside, seq is part of the GNU shellutils: http://www.gnu.org/software/shellutils/shellutils.html. You may have the "jot" command instead. "jot 256 0" prints the same output as "seq 0 255".)

You could also block an IP range with firewall rules in your version of Unix; that may or may not be an easier place for you to manage such things.
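The same file layout can be generated and checked for any single excluded address. This is an added example, not part of the original FAQ entry: the function names allow_all_but and is_allowed are hypothetical, and is_allowed only imitates the documented lookup order (ip/a.b.c.d, then ip/a.b.c, ip/a.b, ip/a) against a scratch directory rather than querying dnscache.

```shell
#!/bin/sh
# Added example, not from the FAQ entry. Function names are hypothetical.

# allow_all_but DIR A.B.C.D
# Fill DIR (a dnscache root/ip directory) so that every A.x.x.x client is
# allowed except A.B.C.D.
allow_all_but() {
    dir=$1
    old_ifs=$IFS; IFS=.
    set -- $2                       # split the address on dots
    IFS=$old_ifs
    a=$1 b=$2 c=$3 d=$4
    n=0
    while [ "$n" -le 255 ]; do      # plain loop, so neither seq nor jot is needed
        [ "$n" -eq "$b" ] || : > "$dir/$a.$n"
        [ "$n" -eq "$c" ] || : > "$dir/$a.$b.$n"
        [ "$n" -eq "$d" ] || : > "$dir/$a.$b.$c.$n"
        n=$((n + 1))
    done
    # Remove any broader or exact entry that would still admit the address.
    rm -f "$dir/$a" "$dir/$a.$b" "$dir/$a.$b.$c" "$dir/$a.$b.$c.$d"
}

# is_allowed DIR IP
# Imitate the lookup: try the full address, then strip one trailing
# component at a time. Returns 0 if some file matches, 1 otherwise.
is_allowed() {
    name=$2
    while :; do
        [ -e "$1/$name" ] && return 0
        case $name in
            *.*) name=${name%.*} ;;
            *)   return 1 ;;
        esac
    done
}

# Demo in a scratch directory (constructed; not a live /service/dnscache tree).
demo=$(mktemp -d)
allow_all_but "$demo" 10.52.24.241
for ip in 10.52.24.240 10.52.24.241 10.0.9.9; do
    if is_allowed "$demo" "$ip"; then echo "$ip allowed"; else echo "$ip refused"; fi
done
rm -rf "$demo"
```

Running is_allowed against a copy of the directory before touching the live one confirms that no broader file (such as ip/10 or ip/10.52) was left behind to re-admit the blocked address.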