how to defense against ddos attack to dns?

big bond bondarets at gmail.com
Sat Nov 21 14:26:28 UTC 2009


We use Cisco Detector+Guard to protect our network infrastructure from
network-level attacks. It's quite expansive, of cource, but you may ask your
upstream provider whether it has such a service called "DDoS Protection" or
something.

2009/11/21 Bryan Irvine <sparctacus at gmail.com>

> Basically, you have to have a big enough server/cluster of servers, to
> absorb an attack.
>
> No real defense from distributed dos.
>
>
>
> 2009/11/16 MontyRee <chulmin2 at hotmail.com>:
> >
> > Hello, all.
> >
> >
> > I have operated some dns servers and I'm curious what should I do if
> > ddos attck to my dns servers.
> >
> > So do you know how to defense against dns dddos attack like root server?
> >
> > Surely, various ddos attack may be occurred.
> >
> > My idea is..
> >
> >
> > -. filtering 53/udp traffic that the byte is over 512 byte
> > -. rate-limit against 53/udp queries
> >   (but useless if the attack spoof the source ip)
> > -. deny recursion
> > -. anycast?
> >
> >
> > Is ther any comments or proposal?
> >
> >
> > Thanks in advance.
> >
> >
> >
> >
> > _________________________________________________________________
> > 새로운 Windows 7: 일상 작업을 단순화하세요. 여러분에게 맞는 최상의 PC를 찾으세요.
> > http://windows.microsoft.com/shop
> > _______________________________________________
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20091121/1356fbd1/attachment.html>


More information about the bind-users mailing list