how to defense against ddos attack to dns?
MontyRee
chulmin2 at hotmail.com
Tue Nov 17 00:55:19 UTC 2009
Hello, all.
I have operated some dns servers and I'm curious what should I do if
ddos attck to my dns servers.
So do you know how to defense against dns dddos attack like root server?
Surely, various ddos attack may be occurred.
My idea is..
-. filtering 53/udp traffic that the byte is over 512 byte
-. rate-limit against 53/udp queries
(but useless if the attack spoof the source ip)
-. deny recursion
-. anycast?
Is ther any comments or proposal?
Thanks in advance.
_________________________________________________________________
새로운 Windows 7: 일상 작업을 단순화하세요. 여러분에게 맞는 최상의 PC를 찾으세요.
http://windows.microsoft.com/shop
More information about the bind-users
mailing list