limiting number of recursion/queries per IP address
Dmitry Rybin
kirgudu at corbina.net
Tue Nov 9 14:22:58 UTC 2010
It is not a good idea to use a stateful firewall on a heavily loaded DNS
server; the firewall becomes the weak spot in the system.
As a workaround you can use dns_flood_detector + a simple script to insert
and remove IPs from a firewall blocking table or chain.
On 27.10.2010 23:26, Sebastian Tymków wrote:
> In FreeBSD you can use pf to limit connections using tables and setting
> up rate limit.
>
> http://forums.freebsd.org/showthread.php?t=1727
>
> Best regards,
>
> Shamrock
>
> On Tue, Oct 26, 2010 at 9:29 PM, Kebba Foon <kebba.foon at qcell.gm> wrote:
>
> On Tue, 2010-10-26 at 15:22 -0400, Todd Snyder wrote:
> > What version of bind, on what OS?
> >
> I use Debian 5.0 with BIND 9.6-ESV-R1, but I also thought that the OS
> might have some security holes, so I tried FreeBSD 8.1 with BIND 9.7.1 but
> still have the same problems.
>
> > Here may be some things you can do with iptables to limit connections
> >
> > http://www.debian-administration.org/articles/187
> >
> I will just look into these, but I don't think iptables will be the ideal
> solution.
> > I don't recall seeing anything native to BIND that would allow for
> > limits per src.
> >
> > t.
> >
> > -----Original Message-----
> > From: bind-users-bounces+tsnyder=rim.com@lists.isc.org
> > [mailto:bind-users-bounces+tsnyder=rim.com@lists.isc.org] On Behalf Of
> > Kebba Foon
> > Sent: Tuesday, October 26, 2010 2:27 PM
> > To: bind-users at lists.isc.org
> > Subject: limiting number of recursion/queries per IP address
> >
> > Dear List,
> >
> > Is it possible to limit the number of recursion/queries per IP
> > address?
> > There is some kind of virus that's bombarding my DNS servers with a lot
> > of queries. I realize that whenever the total number of recursive
> > clients reaches 1000, DNS resolution stops working. I have increased the
> > recursive-clients to 10000 but still this does not help, and also I
> > have increased the number of max open files on my OS, which at one point
> > was complaining about too many open files. Can someone please direct me
> > to how best to solve this problem? It's some kind of DDOS.
> >
> > Thanks
> > Kebba
> >
> > _______________________________________________
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> >
--
Dmitry Rybin
Expert in emergency restoration of services
Broadband systems department
IT infrastructure department
VimpelCom group of companies
Tel: +7(495) 7871000
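The "dns_flood_detector + simple script" idea from the reply above, as an added example that is not code from the thread, from dns_flood_detector, or from BIND: it counts queries per source address in BIND's query log over a sliding window, flags sources that exceed a threshold, and emits the pfctl commands that add them to (or later expire them from) a pf table, so the blocking rule stays stateless and the firewall does not become the bottleneck the reply warns about. The query-log line shape (a channel with `print-time yes`), the table name `dnsflood`, the thresholds and the sample log lines are assumptions constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed BIND 9 query-log line shape (channel with "print-time yes"), e.g.
# "26-Oct-2010 14:27:01.123 client 192.0.2.10#53000: query: example.com IN A +"
LOG_RE = re.compile(r"^(\S+ \S+) client ([0-9a-fA-F.:]+)#\d+: query: ")

def parse_line(line):
    """Return (timestamp, source_ip) for a query-log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S.%f"), m.group(2)

class FloodDetector:
    """Sliding-window per-source counter; flags a source past max_queries in window_s s."""
    def __init__(self, window_s=10, max_queries=50):
        self.window = timedelta(seconds=window_s)
        self.max_queries = max_queries
        self.seen = defaultdict(deque)  # ip -> timestamps still inside the window
        self.flagged = set()

    def observe(self, ts, ip):
        q = self.seen[ip]
        q.append(ts)
        while q and ts - q[0] > self.window:  # expire timestamps that left the window
            q.popleft()
        if len(q) > self.max_queries and ip not in self.flagged:
            self.flagged.add(ip)
            return True  # newly crossed the threshold
        return False

def find_flooders(lines, window_s=10, max_queries=50):
    det = FloodDetector(window_s, max_queries)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            det.observe(*parsed)
    return det.flagged

def block_commands(ips, table="dnsflood", remove=False):
    """pfctl commands that add (or later expire) offenders in a pf table which a
    'block in quick from <dnsflood>' rule references: no per-flow state is kept."""
    op = "delete" if remove else "add"
    return ["pfctl -t %s -T %s %s" % (table, op, ip) for ip in sorted(ips)]

# Constructed sample: 192.0.2.10 sends 60 queries in 2 s, 198.51.100.5 sends 3.
SAMPLE = ["26-Oct-2010 14:27:%02d.%03d client 192.0.2.10#%d: query: example.com IN A +"
          % (1 + i // 30, (i % 30) * 33, 40000 + i) for i in range(60)]
SAMPLE += ["26-Oct-2010 14:27:%02d.000 client 198.51.100.5#53000: query: isc.org IN MX +" % s for s in (1, 2, 3)]
```

Running `block_commands(find_flooders(SAMPLE))` yields the add command for 192.0.2.10 only; the same call with `remove=True` produces the delete commands a cron job can run to expire entries after a quiet period.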