
I have recently added an IP address to my VPS. The problem is that the previous owner has abandoned the domain name with its nameservers set on this IP. Although any access to this domain is denied by my firewall (CSF), my problem is that I get lots of error messages in the log file on my server due to every hit the domain receives from visitors such as search engine crawlers like Google and Bing.

The following is a sample line taken from my heavily loaded log at the path /var/log/messages:

client 74.125.181.85#34411: query (cache) 'ns1.the_troublesome_domain.com/A/IN' denied

I have not been successful in encouraging the owner to change its nameservers. So I have decided to block all traffic which is headed to this domain in order to stop the log files (I do not know if that is the right decision, though). And I have already tried adding the following rule to iptables:

iptables -I INPUT -s the_troublesome_domain.com -j DROP

only to get the warning:

iptables v1.4.7: host/network `the_troublesome_domain.com' not found

Please let me know your ideas on this problem.

Thanks in advance.

Andrew B
developer

1 Answer


-s is meant to specify an IP address, and the filter you're trying to configure will drop every packet with a source of that IP. If you provide a DNS entity, it will be resolved to an IP address when the rule is added. Since that DNS record cannot be resolved, the rule add fails.

To make this packet filter work, you'd need to match the record being requested based off of byte offset (i.e. deep packet inspection), and in any case the approach is misguided. You would be making your kernel's packet filter scrub packets so that it can drop traffic that your nameserver is already refusing.

I would be very surprised if you were seeing a query load that puts the software under any kind of strain; more than likely it's just cluttering up your log file. If this will be a problem, your best course of action is to simply ask for a different IP address. You have no way of making the traffic go away.

Andrew B
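
To check the answer's point that the refused queries are log clutter rather than real load, this added example (not part of the original answer) tallies the `denied` lines for one zone per client and per minute. The syslog prefix in front of the quoted message, the `summarize` helper and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Matches the named "denied" message quoted in the question. The syslog prefix
# (timestamp, host, "named[pid]:") is an assumption about /var/log/messages.
DENIED = re.compile(
    r"^(?P<minute>\w{3}\s+\d+\s+\d\d:\d\d):\d\d\s.*?"
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+(?: \([^)]*\))?: "
    r"query \(cache\) '(?P<qname>[^/']+)/(?P<qtype>\w+)/(?P<qclass>\w+)' denied"
)

def summarize(lines, zone):
    """Count denied queries for `zone` and its subdomains (hypothetical helper)."""
    zone = zone.lower().rstrip(".")
    clients, names, minutes = Counter(), Counter(), Counter()
    for line in lines:
        m = DENIED.search(line)
        if not m:
            continue  # unrelated syslog line
        qname = m["qname"].lower().rstrip(".")
        if qname != zone and not qname.endswith("." + zone):
            continue  # denied query for some other name
        clients[m["ip"]] += 1
        names[f"{qname}/{m['qtype']}"] += 1
        minutes[m["minute"]] += 1
    return {"total": sum(minutes.values()),
            "peak_per_minute": max(minutes.values(), default=0),
            "clients": clients, "names": names}

# Constructed sample lines (not real log data); 192.0.2.0/24 is a documentation range.
SAMPLE = """\
Mar  3 10:15:01 vps named[1234]: client 74.125.181.85#34411: query (cache) 'ns1.the_troublesome_domain.com/A/IN' denied
Mar  3 10:15:07 vps named[1234]: client 192.0.2.10#5353: query (cache) 'NS2.the_troublesome_domain.com/AAAA/IN' denied
Mar  3 10:15:40 vps sshd[99]: Accepted publickey for admin from 192.0.2.77 port 50022 ssh2
Mar  3 10:16:12 vps named[1234]: client 74.125.181.85#40112: query (cache) 'the_troublesome_domain.com/NS/IN' denied
Mar  3 10:16:30 vps named[1234]: client 192.0.2.10#6000: query (cache) 'unrelated.example/A/IN' denied
""".splitlines()

if __name__ == "__main__":
    report = summarize(SAMPLE, "the_troublesome_domain.com")
    print(report["total"], "denied queries, peak", report["peak_per_minute"], "per minute")
    for ip, n in report["clients"].most_common(5):
        print(f"{n:6d}  {ip}")
```

On a real server, pass the open log file instead of `SAMPLE`, for example `summarize(open("/var/log/messages"), "the_troublesome_domain.com")`.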