limiting number of recursion/queries per IP address

Sebastian Tymków sebastian.tymkow at gmail.com
Wed Oct 27 19:26:57 UTC 2010


In FreeBSD you can use pf to limit connections using tables and setting up
a rate limit.

http://forums.freebsd.org/showthread.php?t=1727

Best regards,

Shamrock

On Tue, Oct 26, 2010 at 9:29 PM, Kebba Foon <kebba.foon at qcell.gm> wrote:

> On Tue, 2010-10-26 at 15:22 -0400, Todd Snyder wrote:
> > What version of bind, on what OS?
> >
> I use Debian 5.0 with BIND 9.6-ESV-R1, but I also thought that the OS
> might have some security holes, so I tried FreeBSD 8.1 with BIND 9.7.1, but
> I still have the same problems.
>
> > There may be some things you can do with iptables to limit connections
> >
> > http://www.debian-administration.org/articles/187
> >
> I will just look into these, but I don't think iptables will be the ideal
> solution.
> > I don't recall seeing anything native to BIND that would allow for limits
> > per src.
> >
> > t.
> >
> > -----Original Message-----
> > From: bind-users-bounces+tsnyder=rim.com at lists.isc.org [mailto:bind-users-bounces+tsnyder=rim.com at lists.isc.org] On Behalf Of Kebba Foon
> > Sent: Tuesday, October 26, 2010 2:27 PM
> > To: bind-users at lists.isc.org
> > Subject: limiting number of recursion/queries per IP address
> >
> > Dear List,
> >
> > Is it possible to limit the number of recursion/queries per IP address?
> > There is some kind of virus that's bombarding my DNS servers with a lot
> > of queries. I realize that whenever the total number of recursion
> > clients reaches 1000, DNS resolution stops working. I have increased the
> > recursive-clients to 10000 but still this does not help. Also, I
> > have increased the number of max open files on my OS, which at one point
> > was complaining about too many open files. Can someone please direct me
> > to how best to solve this problem? It's some kind of DDoS.
> >
> > Thanks
> > Kebba
>
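
Added example (not part of the original thread, and not pf, iptables or BIND code): a Python model of the per-source limit with an overload table that the replies point to, replayed over constructed query-log lines. The log layout, the addresses and the limit of 5 queries per second are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed BIND query-log layout: "<date> <time> ... client <ip>#<port>: query: <name> ..."
LINE = re.compile(r"^(\S+ \S+) .*?client ([0-9A-Fa-f.:]+)#\d+: query: ")

def parse(line):
    """Return (timestamp, source_ip) for a query-log line, or None if it does not match."""
    m = LINE.match(line)
    if not m:
        return None
    return datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S.%f"), m.group(2)

class SourceLimiter:
    """Allow at most `limit` queries per source in any `window` seconds; a source that
    exceeds it moves to `blocked` (the role of a firewall table) until it is removed."""
    def __init__(self, limit, window):
        self.limit = limit
        self.window = timedelta(seconds=window)
        self.recent = defaultdict(deque)   # source -> timestamps still inside the window
        self.blocked = set()

    def allow(self, ts, src):
        if src in self.blocked:
            return False
        q = self.recent[src]
        while q and ts - q[0] >= self.window:   # expire entries older than the window
            q.popleft()
        if len(q) >= self.limit:                # over the limit: block and stop tracking
            self.blocked.add(src)
            del self.recent[src]
            return False
        q.append(ts)
        return True

def replay(lines, limit=5, window=1):
    """Feed log lines through the limiter; return (queries passed per source, blocked set)."""
    lim, passed = SourceLimiter(limit, window), defaultdict(int)
    for rec in filter(None, map(parse, lines)):
        if lim.allow(*rec):
            passed[rec[1]] += 1
    return dict(passed), lim.blocked

# Constructed sample: one source sends 20 queries in 0.2 s, another sends 3 over 3 s.
SAMPLE = [f"27-Oct-2010 19:26:57.{i * 10:03d} client 192.0.2.10#{40000 + i}: query: r{i}.example.com IN A +"
          for i in range(20)]
SAMPLE += [f"27-Oct-2010 19:26:5{s}.500 client 198.51.100.7#5353: query: www.example.org IN A +"
           for s in (7, 8, 9)]
```

Calling replay(SAMPLE) passes the first 5 queries from the flooding source, drops the rest, and leaves the slower client untouched.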