[93610] in North American Network Operators' Group


DNS - connection limit (without any extra hardware)

daemon@ATHENA.MIT.EDU (Luke)
Fri Dec 8 09:56:28 2006

Date: Fri, 8 Dec 2006 15:40:52 +0100
From: Luke <very.luke@gmail.com>
To: nanog@nanog.org
Errors-To: owner-nanog@merit.edu


------=_Part_2818_7164699.1165588852555
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi,
as a consequence of a virus spread in my customer base, I often receive
big bursts of traffic on my DNS servers.
Unluckily, a lot of clients start to bomb my DNSs at a certain hour, so I
have a distributed attempt at denial of service.
I can't blacklist them on my DNSs, because the infected clients are too
many.

For this reason, I would like a DNS that could respond to a maximum of 10
queries per second from every single IP address.
Does anybody know a solution, using just iptables/netfilter/kernel tuning/BIND
tuning, without using any hardware traffic shaper?

Thanks
Best Regards

Luke
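A per-source-IP limit of the kind asked for above, written as iptables hashlimit rules; this is an added example, not part of the original post or any reply. The 10 queries/sec rate, the 20-packet burst, the chain name DNS_RATELIMIT and the trusted prefix 192.0.2.0/24 are assumptions, and it assumes an iptables/kernel whose xt_hashlimit supports --hashlimit-above (1.4.x or later, i.e. newer than what was current when the question was posted).

```shell
#!/bin/sh
# Added example (not from the thread): throttle DNS queries per source IP with xt_hashlimit.
# Rate, burst, chain name and the trusted prefix below are assumptions; adjust for your network.

# Print the iptables commands for RATE queries/sec per client with a BURST allowance.
# Printing first lets you review the ruleset before it touches a production resolver.
dns_ratelimit_rules() {
    rate="${1:-10}"      # queries per second allowed per source IP
    burst="${2:-20}"     # short bursts above the rate are tolerated up to this many packets
    chain="DNS_RATELIMIT"
    cat <<EOF
iptables -N $chain
iptables -F $chain
# Trusted sources (own recursors, secondaries) skip the limit; 192.0.2.0/24 is a placeholder.
iptables -A $chain -s 192.0.2.0/24 -j RETURN
# One bucket per /32 source; a client above RATE/sec (after BURST) is dropped, not answered.
# Caveat: many customers behind one NAT address share a single bucket.
iptables -A $chain -m hashlimit --hashlimit-name dns-per-src --hashlimit-mode srcip \
 --hashlimit-srcmask 32 --hashlimit-above ${rate}/sec --hashlimit-burst $burst \
 --hashlimit-htable-expire 30000 --hashlimit-htable-max 65536 -j DROP
iptables -A $chain -j RETURN
# Hook both transports; for TCP only new connections (SYN) count, not every segment.
iptables -I INPUT -p udp --dport 53 -j $chain
iptables -I INPUT -p tcp --dport 53 --syn -j $chain
EOF
}

# Apply the printed rules (needs root). Comment lines are skipped; stop at the first failure.
apply_dns_ratelimit() {
    dns_ratelimit_rules "$@" | grep -v '^#' | while IFS= read -r cmd; do
        eval "$cmd" || exit 1
    done
}

# Usage:  sh thisfile.sh apply 10 20   (without "apply" nothing is changed on the host)
if [ "$1" = "apply" ]; then
    shift
    apply_dns_ratelimit "$@"
fi
```

Watch the drop counter on the hashlimit rule (`iptables -vnL DNS_RATELIMIT`) after enabling it: a large count from a few addresses is the infected hosts, a large count from your own resolvers means the trusted-prefix rule is wrong.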

