nanog mailing list archives
DNS - connection limit (without any extra hardware)
From: Luke <very.luke () gmail com>
Date: Fri, 8 Dec 2006 15:40:52 +0100
Hi, as a comsequence of a virus diffused in my customer-base, I often receive big bursts of traffic on my DNS servers. Unluckly, a lot of clients start to bomb my DNSs at a certain hour, so I have a distributed tentative of denial of service. I can't blacklist them on my DNSs, because the infected clients are too much. For this reason, I would like that a DNS could response maximum to 10 queries per second given by every single Ip address. Anybody knows a solution, just using iptables/netfilter/kernel tuning/BIND tuning, without using any hardware traffic shaper? Thanks Best Regards Luke
Current thread:
- DNS - connection limit (without any extra hardware) Luke (Dec 08)
- RE: DNS - connection limit (without any extra hardware) Geo. (Dec 08)
- RE: DNS - connection limit (without any extra hardware) Gadi Evron (Dec 08)
- RE: DNS - connection limit (without any extra hardware) Geo. (Dec 08)
- Re: DNS - connection limit (without any extra hardware) Joe Abley (Dec 08)
- Re: DNS - connection limit (without any extra hardware) Daniel Golding (Dec 10)
- Re: DNS - connection limit (without any extra hardware) Matt Ghali (Dec 10)
- RE: DNS - connection limit (without any extra hardware) Gadi Evron (Dec 08)
- RE: DNS - connection limit (without any extra hardware) Geo. (Dec 08)
- RE: DNS - connection limit (without any extra hardware) Matt Ghali (Dec 08)
- Re: DNS - connection limit (without any extra hardware) Gadi Evron (Dec 08)
- Re: DNS - connection limit (without any extra hardware) Aaron Glenn (Dec 08)