<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div><blockquote type="cite" class=""><div class=""><div class=""><br class=""><blockquote type="cite" class="">May I ask if there are any solutions for DDoS mitigation of DNS?<br class=""></blockquote><br class="">All solutions that were mentioned here are correct but incomplete:<br class="">there is no general solution against dDoS, because "it depends". There<br class="">are many types of dDoS. You will need several tools in your toolbox,<br class="">and someone knowledgeable to choose among them.<br class=""></div></div></blockquote><br class=""></div><div>I completely agree. However, some tools have a large toolbox built-in and reduce the need for other tools. Eg: dnsdist allows you to do general ratelimiting/blocking, but allows you to build your own rules as well.</div><div><br class=""></div><div>Note that I can buy a great, expensive and high-quality garage toolbox, but that that doesn't mean I can repair my own car. The toolbox is what the knowledgeable expert needs to fix the problem...</div><div><br class=""></div><div>Kind Regards and best of luck fending of the bad people...</div><div><br class=""></div><div>Frank Louwers</div><div>DNS Consultant @ <a href="http://Kiwazo.be" class="">Kiwazo.be</a></div></body></html>