[dns-operations] solutions for DDoS mitigation of DNS
tessa at plum.ovh
Thu Apr 2 13:03:42 UTC 2020
On 2020/4/2 6:43 下午, Klaus Darilion wrote:
> So what was the bottleneck? I.e. if you use PowerDNS with DB backend you
> quite early hit the limit with random subdomains, which are not a
> problem if you use NSD for example. To mitigation such traffic patterns
> for example we use dnsdist with 2 backends, PowerDNS for nomarl zones
> and NSD for zones which are quite often under attack.
the bottleneck seems be the bandwidth of server (server has only 1Gbps
on its public interface).
b/c at that time the server totally has no response.
Even ssh can't get logined.
More information about the dns-operations