how to defense against ddos attack to dns?

MontyRee chulmin2 at
Tue Nov 17 00:55:19 UTC 2009

Hello, all.
I have operated some dns servers and I'm curious what should I do if 
ddos attck to my dns servers.
So do you know how to defense against dns dddos attack like root server?
Surely, various ddos attack may be occurred.
My idea is..
-. filtering 53/udp traffic that the byte is over 512 byte
-. rate-limit against 53/udp queries
   (but useless if the attack spoof the source ip)
-. deny recursion 
-. anycast?
Is ther any comments or proposal?
Thanks in advance. 
새로운 Windows 7: 일상 작업을 단순화하세요. 여러분에게 맞는 최상의 PC를 찾으세요.

More information about the bind-users mailing list