limiting number of recursion/queries per IP address

Lightner, Jeff jlightner at water.com
Tue Oct 26 19:36:08 UTC 2010


iptables is available in most Linux distros and it is definitely better
to block things there than in BIND itself.

I don't know that BIND has a rate limiter.  It DOES have a "blacklist"
option where you can completely block a site's access to it but as noted
above it is better to do it in iptables or firewall because then it
never gets to BIND in the first place.

-----Original Message-----
From: bind-users-bounces+jlightner=water.com at lists.isc.org
[mailto:bind-users-bounces+jlightner=water.com at lists.isc.org] On Behalf
Of Kebba Foon
Sent: Tuesday, October 26, 2010 3:29 PM
To: bind-users at lists.isc.org
Subject: RE: limiting number of recursion/queries per IP address

On Tue, 2010-10-26 at 15:22 -0400, Todd Snyder wrote:
> What version of bind, on what OS?
> 
I use Debian 5.0 with bind 9.6-ESV-R1, but I also thought that the OS
might have some security holes, so I tried FreeBSD 8.1 with BIND 9.7.1 but
still have the same problems.

> here may be some things you can do with iptables to limit connections
> 
> http://www.debian-administration.org/articles/187
> 
I will just look into these, but I don't think iptables will be the ideal
solution.
> I don't recall seeing anything native to BIND that would allow for
> limits per src.
> 
> t.
> 
> -----Original Message-----
> From: bind-users-bounces+tsnyder=rim.com at lists.isc.org
> [mailto:bind-users-bounces+tsnyder=rim.com at lists.isc.org] On Behalf Of
> Kebba Foon
> Sent: Tuesday, October 26, 2010 2:27 PM
> To: bind-users at lists.isc.org
> Subject: limiting number of recursion/queries per IP address
> 
> Dear List,
> 
> Is it possible to limit the number of recursion/queries per IP
> address?
> There is some kind of virus that's bombarding my DNS servers with a lot
> of queries. I realize that whenever the total number of recursive
> clients reaches 1000, DNS resolution stops working. I have increased the
> recursive-clients to 10000 but still this does not help. I have also
> increased the number of max open files on my OS, which at one point
> was complaining about too many open files. Can someone please direct me
> to how best to solve this problem? It's some kind of DDoS.
> 
> Thanks
> Kebba
> 
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> 

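Jeff's point that per-source limiting belongs in iptables rather than in BIND, worked through as an added example that is not code from the thread: a small POSIX sh script that builds and loads an iptables hashlimit policy keyed on source IP for UDP and TCP port 53, so a flooding client is dropped before it can take a recursive-clients slot. The rate and burst defaults are constructed values, and the IPT variable (set IPT=echo for a dry run) is my addition.

```shell
#!/bin/sh
# Added example, not code from the thread: rate-limit DNS queries per source
# IP with the iptables hashlimit match so an abusive client is dropped before
# it occupies one of BIND's recursive-clients slots.
# Assumptions: iptables with the xt_hashlimit module (standard on mainstream
# distributions) and named listening on port 53 on this host. The default
# rate and burst below are constructed values; tune them from your own query
# logs before deploying.
IPT="${IPT:-iptables}"   # set IPT=echo to print the commands instead of applying

# Print one iptables rule per line for the given sustained rate and burst.
# Conforming packets RETURN to INPUT, so existing port-53 ACCEPT rules still
# apply; only the excess is logged (itself rate-limited) and dropped.
dns_limit_rules() {
  rate="${1:-20}"    # average queries/second tolerated per source address
  burst="${2:-50}"   # extra queries a source may send before the limit bites
  cat <<EOF
-N DNS_LIMIT
-A DNS_LIMIT -m hashlimit --hashlimit-name dnsq --hashlimit-mode srcip --hashlimit-upto ${rate}/sec --hashlimit-burst ${burst} --hashlimit-htable-expire 60000 -j RETURN
-A DNS_LIMIT -m limit --limit 5/min -j LOG --log-prefix DNS_LIMIT_DROP:
-A DNS_LIMIT -j DROP
-A INPUT -p udp --dport 53 -j DNS_LIMIT
-A INPUT -p tcp --dport 53 --syn -j DNS_LIMIT
EOF
}

# Feed each rule to iptables; stops at the first rule that fails to load.
apply_dns_limit() {
  while read -r line; do
    # shellcheck disable=SC2086  # splitting the rule text into args is intended
    $IPT $line || return 1
  done <<EOF
$(dns_limit_rules "$@")
EOF
}

# Number of rules the policy consists of (handy for a post-load sanity check).
dns_limit_rule_count() { dns_limit_rules "$@" | wc -l | tr -d ' '; }
```

Because hashlimit keys on the source address, a flood with spoofed UDP sources can push a spoofed legitimate client over the limit, so keep allow-recursion in named.conf restricted to your own networks as well.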