[93632] in North American Network Operators' Group
RE: DNS - connection limit (without any extra hardware)
daemon@ATHENA.MIT.EDU (Frank Bulk)
Fri Dec 8 18:34:47 2006
Reply-To: <frnkblk@iname.com>
From: "Frank Bulk" <frnkblk@iname.com>
To: <nanog@nanog.org>
Date: Fri, 8 Dec 2006 17:19:21 -0600
In-Reply-To: <DEA063E646F3804CA5541C01B0E1D484B2D2B4@nt1.MUTUALTEL.MTCNET.NET>
Errors-To: owner-nanog@merit.edu
You could also look at Cloudshield. I was following the EveryDNS issue this
weekend and this item among the regular VON press release blast jumped out
at me:
http://www.cloudshield.com/news_events/2006_Releases/EveryDNS%20FINAL.pdf
Regards,
Frank
_____
From: Frank Bulk
Sent: Friday, December 08, 2006 8:59 AM
To: 'nanog@nanog.org'
Subject: DNS - connection limit (without any extra hardware)
Hi,
as a consequence of a virus diffused in my customer base, I often receive
big bursts of traffic on my DNS servers.
Unluckily, a lot of clients start to bomb my DNSs at a certain hour, so I
have a distributed attempt at denial of service.
I can't blacklist them on my DNSs, because the infected clients are too
many.
For this reason, I would like a DNS to respond to a maximum of 10
queries per second from every single IP address.
Does anybody know a solution, just using iptables/netfilter/kernel tuning/BIND
tuning, without using any hardware traffic shaper?
Thanks
Best Regards
Luke
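
The per-source limit asked for above (at most 10 queries per second from each IP address), sketched as a token bucket and replayed over a constructed query stream. This is an added example, not part of the original messages; the burst depth, the table cap, the class and function names and the sample addresses are assumptions.

```python
from collections import OrderedDict

RATE = 10              # queries per second per source IP (the figure from the post)
BURST = 10             # bucket depth in queries (assumption: one second's worth)
MAX_SOURCES = 100_000  # assumed cap on tracked IPs so the table stays bounded


class PerSourceLimiter:
    """Token bucket per source IP, kept in integer milliseconds of credit."""

    def __init__(self, rate=RATE, burst=BURST, max_sources=MAX_SOURCES):
        self.cost = 1000 // rate          # credit one query costs, in ms
        self.cap = burst * self.cost      # credit held by a full bucket
        self.max_sources = max_sources
        self.buckets = OrderedDict()      # ip -> (credit_ms, last_ms), LRU order

    def allow(self, ip, now_ms):
        """True if a query from `ip` at `now_ms` should be answered."""
        credit, last = self.buckets.pop(ip, (self.cap, now_ms))
        credit = min(self.cap, credit + (now_ms - last))  # refill 1 ms per ms
        allowed = credit >= self.cost
        if allowed:
            credit -= self.cost
        self.buckets[ip] = (credit, now_ms)   # re-insert as most recently seen
        while len(self.buckets) > self.max_sources:
            # Evict the least recently seen source; it restarts with a full
            # bucket if it returns, so size the table above the client count.
            self.buckets.popitem(last=False)
        return allowed


def replay(queries, limiter=None):
    """Replay (timestamp_ms, source_ip) pairs; return {ip: [answered, dropped]}."""
    limiter = limiter or PerSourceLimiter()
    stats = {}
    for ts, ip in sorted(queries):
        counts = stats.setdefault(ip, [0, 0])
        counts[0 if limiter.allow(ip, ts) else 1] += 1
    return stats


# Constructed sample: 192.0.2.10 sends 100 queries/s for 2 s (infected client),
# 192.0.2.20 sends 2 queries/s over the same window (normal client).
SAMPLE = [(i * 10, "192.0.2.10") for i in range(200)]
SAMPLE += [(i * 500, "192.0.2.20") for i in range(4)]

if __name__ == "__main__":
    for ip, (answered, dropped) in sorted(replay(SAMPLE).items()):
        print(f"{ip}: answered={answered} dropped={dropped}")
```

netfilter's `hashlimit` match in source-IP mode keeps the same kind of per-source state in the kernel, so the DNS daemon never sees the excess queries.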