[dns-operations] security with a firewall

Steven Carr sjcarr at gmail.com
Wed May 15 08:26:49 UTC 2013

On 15 May 2013 09:13, fenghe <fenghe at dnsbed.com> wrote:
> Does a hardware firewall help to defend against the DNS attack?
> If so, what's the suggested policy/rules?

Chances are your firewall will break long before your DNS server is overwhelmed.

DNS traffic should not be firewalled; the number of UDP transactions
will very rapidly use up lots of sessions and cripple the firewall.
Instead, proper ingress filtering (BCP38) should be used on the network
to prevent spoofed traffic from ever getting anywhere near your DNS

