limiting number of requests of a single hosts
Fajar A. Nugraha
work at fajar.net
Fri Jun 15 15:01:54 UTC 2012
On Fri, Jun 15, 2012 at 9:37 PM, Holemans Wim <wim.holemans at ua.ac.be> wrote:
> Wim Holemans
> Netwerkdienst Universiteit Antwerpen
> Network Services University of Antwerp
> One of the problems is that these firewalls are going to be replaced soon and we don't want to spend to much effort in trying to fix what seems an annoying side-effect of something caused by a DNS system.
You DO realize that DNS is (mostly) UDP packets, and an attacker (or
in your case, the ADs) can simply send UDP packet floods to kill your
firewall (in your current state), regardless how your DNS server is
configured, even when the DNS server is down?
More information about the bind-users