[dns-operations] solutions for DDoS mitigation of DNS

Tessa Plum tessa at plum.ovh
Thu Apr 2 13:03:42 UTC 2020

On 2020/4/2 6:43 下午, Klaus Darilion wrote:
> So what was the bottleneck? I.e. if you use PowerDNS with DB backend you 
> quite early hit the limit with random subdomains, which are not a 
> problem if you use NSD for example. To mitigation such traffic patterns 
> for example we use dnsdist with 2 backends, PowerDNS for nomarl zones 
> and NSD for zones which are quite often under attack.


the bottleneck seems be the bandwidth of server (server has only 1Gbps 
on its public interface).
b/c at that time the server totally has no response.
Even ssh can't get logined.


More information about the dns-operations mailing list