[dns-operations] security with a firewall
Steven Carr
sjcarr at gmail.com
Wed May 15 08:26:49 UTC 2013
On 15 May 2013 09:13, fenghe <fenghe at dnsbed.com> wrote:
> Does a hardware firewall help to defend the DNS attack?
> If so what's the suggested policy/rules?
Chances are your firewall will break long before your DNS server is overwhelmed.
DNS traffic should not be firewalled, the number of UDP transactions
will very rapidly use up lots of sessions and cripple the firewall.
Instead proper ingress filtering (BCP38) should be used on the network
to prevent spoofed traffic from ever getting anywhere near your DNS
servers.
More information about the dns-operations
mailing list