How to stop the traffic attack to nameserver

sthaug at sthaug at
Sat Dec 10 14:01:23 UTC 2011

> My name servers have been hit by traffic attacks many times.
> When a large bulk of traffic is delivered to the nameserver, the server
> is almost dead.
> For example, the attack traffic was sometimes more than 2G to a single host.

Are these your authoritative or your recursive name servers? These are
different services and should run on different hosts.

Your recursive name servers in most cases should *not* be available
outside your network. Incoming DNS traffic to your recursive DNS servers
can then be blocked at your border routers, which can hopefully do this
at line rate in hardware.

Steinar Haug, Nethelp consulting, sthaug at

