North American Network Operators Group

RE: DNS - connection limit (without any extra hardware)
You could also look at Cloudshield. I was
following the EveryDNS issue this weekend and this item among the regular VON
press release blast jumped out at me:
Regards,
Frank

From: Frank Bulk
Sent: Friday, December 08, 2006 8:59 AM
To: '[email protected]'
Subject: DNS - connection limit (without any extra hardware)

As a consequence of a virus diffused in my customer-base, I often receive big bursts of traffic on my DNS servers. Unluckily, a lot of clients start to bomb my DNSs at a certain hour, so I have a distributed tentative of denial of service. I can't blacklist them on my DNSs, because the infected clients are too many. For this reason, I would like that a DNS could respond maximum to 10 queries per second given by every single IP address. Anybody knows a solution, just using iptables/netfilter/kernel tuning/BIND tuning, without using any hardware traffic shaper?

Thanks
Best Regards
Luke
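One way to express the per-source limit asked about in the original message with netfilter's `hashlimit` match, as an added example that is not part of the thread. The chain name `DNS_LIMIT`, the burst of 20 and the 10-second table expiry are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: per-source-IP DNS query limit using the netfilter hashlimit match.
# Emits an iptables-restore ruleset; nothing is applied unless APPLY=1 is set.
# Assumptions (not from the thread): chain name DNS_LIMIT, burst, expiry value.

dns_ratelimit_rules() {
    rate=$1    # sustained queries per second allowed per source address
    burst=$2   # packets a source may send before the rate is enforced

    # Reject anything that is not a positive integer.
    for v in "$rate" "$burst"; do
        case "$v" in
            ''|*[!0-9]*) echo "not a positive integer: '$v'" >&2; return 2 ;;
        esac
        [ "$v" -gt 0 ] || { echo "must be greater than 0: '$v'" >&2; return 2; }
    done

    # hashlimit keeps one token bucket per source IP (--hashlimit-mode srcip).
    # Packets within the limit RETURN to INPUT for normal processing;
    # everything over the limit falls through to DROP.
    # TCP is limited on new connections only (--syn), UDP on every packet.
    cat <<EOF
*filter
:DNS_LIMIT - [0:0]
-A INPUT -p udp --dport 53 -j DNS_LIMIT
-A INPUT -p tcp --syn --dport 53 -j DNS_LIMIT
-A DNS_LIMIT -m hashlimit --hashlimit-name dns_src --hashlimit-mode srcip --hashlimit-upto ${rate}/sec --hashlimit-burst ${burst} --hashlimit-htable-expire 10000 -j RETURN
-A DNS_LIMIT -j DROP
COMMIT
EOF
}

# Print the ruleset for 10 queries/second per source; apply it only on request.
# --noflush keeps existing rules. The INPUT jumps are appended, so an earlier
# ACCEPT rule for port 53 would bypass the limit; running twice duplicates them.
if [ "${APPLY:-0}" = 1 ]; then
    dns_ratelimit_rules 10 20 | iptables-restore --noflush
else
    dns_ratelimit_rules 10 20
fi
```

Per-source counters for the `dns_src` table can be inspected in `/proc/net/ipt_hashlimit/dns_src` while the rules are loaded.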