[dns-operations] solutions for DDoS mitigation of DNS

Frank Louwers frank at louwers.be
Thu Apr 2 07:15:36 UTC 2020


> 
>> May I ask if there are any solutions for DDoS mitigation of DNS?
> 
> All solutions that were mentioned here are correct but incomplete:
> there is no general solution against dDoS, because "it depends". There
> are many types of dDoS. You will need several tools in your toolbox,
> and someone knowledgeable to choose among them.

I completely agree. However, some tools have a large toolbox built-in and reduce the need for other tools. Eg: dnsdist allows you to do general ratelimiting/blocking, but allows you to build your own rules as well.

Note that I can buy a great, expensive and high-quality garage toolbox, but that that doesn't mean I can repair my own car. The toolbox is what the knowledgeable expert needs to fix the problem...

Kind Regards and best of luck fending of the bad people...

Frank Louwers
DNS Consultant @ Kiwazo.be <http://kiwazo.be/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20200402/8e14c6cb/attachment.html>


More information about the dns-operations mailing list