[dns-operations] question for DNS being attacked

Paul Vixie paul at redbarn.org
Thu Jun 28 20:53:19 UTC 2012

On 6/28/2012 8:47 PM, Stephane Bortzmeyer wrote:
> On Thu, Jun 28, 2012 at 04:04:47AM +0000,
>  Michael Hoskins (michoski) <michoski at cisco.com> wrote 
>  a message of 61 lines which said:
>> or even firewall based rate limiting like iptables or dummynet.
>> http://codingfreak.blogspot.com/2010/01/iptables-rate-limit-incoming.html
> ...
> I suggest using the hashlimit Netfilter module instead.

There is not enough information available upstream of the DNS server, at
query receive time, to know whether or not to drop the query. You have
to know what the prospective response is, and drop that.
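As an added illustration of the point made in this message (this is not code from the post, from Vixie, or from any real DNS server's rate-limiting implementation), the simulation below puts the same query stream through two limiters. The first keys only on what a packet filter in front of the server can see: the source address and the question. The second looks up the prospective response first and keys on the client's /24 together with the response's rcode, name and type, collapsing error answers onto the zone rather than the queried name. The toy zone, the traffic, the /24 aggregation, the one-second fixed window and the "slip" (answer every second over-limit query with a truncated reply instead of dropping it) are all assumptions of this example.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed toy zone used as sample input for this illustration (not real data).
ZONE = "example.test."
RECORDS = {
    ("www.example.test.", "A"): ["192.0.2.10"],
    ("example.test.", "TXT"): ["v=spf1 -all"] * 8,  # a deliberately bulky answer
}


def lookup(qname, qtype):
    """Compute the prospective response for a query: (rcode, approximate size in bytes).

    This is the information a packet filter sitting in front of the server cannot
    have: the filter only sees the question, never the answer it would produce.
    """
    qname = qname.lower()
    if not qname.endswith(ZONE):
        return "REFUSED", 40
    rrs = RECORDS.get((qname, qtype))
    if rrs is None:
        if any(name == qname for name, _ in RECORDS):
            return "NOERROR", 60          # name exists, no data of this type
        return "NXDOMAIN", 80
    return "NOERROR", 40 + sum(20 + len(r) for r in rrs)


class QueryRateLimiter:
    """What an iptables/hashlimit style filter can key on: source plus the question."""

    def __init__(self, qps):
        self.qps = qps
        self.counts = defaultdict(int)

    def decide(self, src_ip, qname, qtype, now):
        key = (src_ip, qname.lower(), qtype, int(now))
        self.counts[key] += 1
        return "answer" if self.counts[key] <= self.qps else "drop"


class ResponseRateLimiter:
    """Rate-limit the prospective response, keyed on (client /24, rcode, name or zone, type).

    The key choice and the 'slip' behaviour are this example's own assumptions, chosen
    so that a flood of unique names that all yield NXDOMAIN collapses into one bucket.
    """

    def __init__(self, responses_per_second, slip=2):
        self.rps = responses_per_second
        self.slip = slip
        self.buckets = {}               # key -> [tokens_left, window_second]
        self.excess = defaultdict(int)  # per-key count of over-limit responses

    def response_key(self, src_ip, qname, qtype, rcode):
        client_net = ipaddress.ip_network(f"{src_ip}/24", strict=False)
        if rcode in ("NXDOMAIN", "REFUSED"):
            # Error answers are keyed on the zone, not on the (random) name asked for.
            return (client_net, rcode, ZONE)
        return (client_net, rcode, qname.lower(), qtype)

    def decide(self, src_ip, qname, qtype, now):
        rcode, _size = lookup(qname, qtype)          # look at the answer first
        key = self.response_key(src_ip, qname, qtype, rcode)
        bucket = self.buckets.setdefault(key, [self.rps, int(now)])
        if int(now) > bucket[1]:                     # new one-second window: refill
            bucket[:] = [self.rps, int(now)]
        if bucket[0] > 0:
            bucket[0] -= 1
            return "answer"
        self.excess[key] += 1
        if self.slip and self.excess[key] % self.slip == 0:
            return "truncate"   # tiny TC=1 reply so a genuine client retries over TCP
        return "drop"           # silently drop: a spoofed victim receives nothing


def random_subdomain_flood(src_ip, count, now=0.0):
    """Constructed sample traffic: many distinct names under the zone from one source."""
    return [(src_ip, f"{i:04x}.{ZONE}", "A", now) for i in range(count)]


def simulate(limiter, queries):
    """Run queries through a limiter and count the decisions."""
    return Counter(limiter.decide(*q) for q in queries)


if __name__ == "__main__":
    flood = random_subdomain_flood("198.51.100.7", 100)   # source is presumably spoofed
    print("query-time limiter :", simulate(QueryRateLimiter(5), flood))
    print("response limiter   :", simulate(ResponseRateLimiter(5), flood))
```

Run as-is, the query-time limiter answers all 100 queries of the flood because every name is distinct and its counters never fill, while the response limiter answers five, truncates about half of the remainder and drops the rest, yet still answers a normal query for www.example.test. from the same /24 because that lands in a different response bucket.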
