We've had some problems with DNS requests flooding our network. I've implemented some very basic ACLs to block the offending IPs as they hit us. I've blocked 6 or 8 IPs now and am looking for a better long term solution. I'm not a Cisco guru by any stretch of the imagination.
I've simply blocked IPs using the following method:

    access-list 11 deny xxx.xxx.xxx.xxx 0.0.0.0
    access-list 11 permit any
I then applied this access group to eth0 out. It makes more sense to me to apply this to serial0, but it had no effect either "in" or "out".
What I'd like to accomplish (in plain English):

#1 Only allow DNS requests to actual DNS servers.
#2 Block some hosts from accessing port 53 at all.
#3 Only allow X requests per time interval PER HOST to port 53.
Can this be done? Any pointers?
Thanks!
Scott
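As an added example (not part of the original post, and not a configuration Scott or any respondent supplied), here is how the three requirements map onto Cisco IOS: #1 and #2 become one extended access list applied inbound on the WAN interface, and #3 becomes an MQC policer on the DNS that the list still permits. Everything specific is an assumption: the two "real" DNS servers are 198.51.100.10 and 198.51.100.11, the host to be cut off from port 53 is 192.0.2.50 (all RFC 5737 documentation addresses), the flood is assumed to arrive from the Internet side so the list goes inbound on Serial0, and the 1 Mbps / 64 kB policing values are placeholders to be sized from the real query volume.

```text
! Added example, Cisco IOS syntax. All addresses are assumed placeholders:
!   198.51.100.10, 198.51.100.11  the real DNS servers
!   192.0.2.50                    a host to be kept off port 53 entirely
! Assumes the flood comes in from the WAN side, hence "in" on Serial0.
!
! #1 and #2 in one extended list. Order matters: IOS stops at the first
! matching line, and every list ends in an implicit "deny ip any any".
ip access-list extended DNS-FILTER
 remark #2: this host may not reach port 53 anywhere
 deny   udp host 192.0.2.50 any eq 53
 deny   tcp host 192.0.2.50 any eq 53
 remark #1: DNS (UDP and TCP) only to the real servers
 permit udp any host 198.51.100.10 eq 53
 permit tcp any host 198.51.100.10 eq 53
 permit udp any host 198.51.100.11 eq 53
 permit tcp any host 198.51.100.11 eq 53
 remark anything else aimed at port 53 is dropped
 deny   udp any any eq 53
 deny   tcp any any eq 53
 remark leave non-DNS traffic alone
 permit ip any any
!
! #3: police the DNS that is still allowed through. A second list, with no
! "permit ip any any", defines exactly the traffic the policer should see.
ip access-list extended DNS-TO-SERVERS
 permit udp any host 198.51.100.10 eq 53
 permit tcp any host 198.51.100.10 eq 53
 permit udp any host 198.51.100.11 eq 53
 permit tcp any host 198.51.100.11 eq 53
!
class-map match-all DNS-TO-SERVERS
 match access-group name DNS-TO-SERVERS
!
! Assumed ceiling: 1 Mbps with a 64 kB burst. Conforming packets pass,
! excess is dropped. Size this from the normal query rate, not the flood.
policy-map DNS-POLICE
 class DNS-TO-SERVERS
  police 1000000 64000 conform-action transmit exceed-action drop
!
interface Serial0
 ip access-group DNS-FILTER in
 service-policy input DNS-POLICE
```

Two caveats a practitioner would want. First, the policer above is aggregate: it limits all hosts matching the class together, not each host separately, so a single known-noisy source needs its own class (matching a `host` entry) if it is to get an individual ceiling; a true per-client limit is more naturally enforced on the DNS server itself. Second, `show access-lists DNS-FILTER` shows per-line hit counters, which is the quickest way to confirm the list is being evaluated on the interface and direction you expect, and to see which deny lines the flood is actually hitting. On older IOS releases without MQC, the same policing can be done with CAR on the interface (`rate-limit input access-group <number> ...`), which needs a numbered rather than named access list.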