outgoing-traffic

Mark Andrews marka at isc.org
Tue Jul 26 19:58:27 UTC 2016


In message <alpine.DEB.2.11.1607261404120.25696 at grey.csi.cam.ac.uk>, Tony Finch writes:
> S Carr <sjcarr at gmail.com> wrote:
> >
> > You might want to check whether the requests are legitimate before
> > completely blocking them, rate limiting would be a better option.
> 
> Remember this is TCP traffic.
> 
> RRL is designed to deal with spoofed UDP traffic. It can actually make
> non-spoofed floods worse, because RRL pushes UDP traffic to TCP, and TCP
> is very easy to saturate.
> 
> You might find it helps to avoid truncated responses, e.g. by turning on
> the minimal-responses option. (See also minimal-any in BIND 9.11)

We need to go back to basics.  What question is being asked and is
there a sensible response being returned?  Recursive servers don't
keep asking questions over and over for no reason and this sounds
like that is happening.

> Tony.
> -- 
> f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
> Southeast Iceland: Northerly or northwesterly 5 to 7, occasionally gale 8
> until later in north. Moderate or rough. Occasional rain, fog patches.
> Moderate or good, occasionally very poor.
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

