<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"B Nazanin";
panose-1:0 0 4 0 0 0 0 0 0 0;}
@font-face
{font-family:"Open Sans";
panose-1:2 11 6 6 3 5 4 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-style-priority:99;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.xmsonormal, li.xmsonormal, div.xmsonormal
{mso-style-name:x_msonormal;
mso-style-priority:99;
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.xmsochpdefault, li.xmsochpdefault, div.xmsochpdefault
{mso-style-name:x_msochpdefault;
mso-style-priority:99;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
span.xemailstyle17
{mso-style-name:x_emailstyle17;
font-family:"Courier New";
color:windowtext;
font-weight:normal;
font-style:normal;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Courier New";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>Dear Mohamad,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>My Server is public and I offer my service to lots of domains so I can’t specify the subnets. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>BR,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>Hamed Haghshenas<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Mohamad F. Barham [mailto:mbarham@birzeit.edu] <br><b>Sent:</b> Saturday, July 7, 2018 3:55 PM<br><b>To:</b> Hamed Haghshenas <haghshenas@chavoosh.com>; pdns-users@mailman.powerdns.com<br><b>Subject:</b> Re: [Pdns-users] PDNS Authoritative Server DDOS Protection<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div id=divtagdefaultwrapper><p><span style='font-family:"Calibri",sans-serif;color:black'>in the conf file , you can specify the subnets those allowed to use this server s.t (default )<br>allow-from = </span><span style='font-size:10.0pt;font-family:"Open Sans",sans-serif;color:#333333'>10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16</span><span style='font-family:"Calibri",sans-serif;color:black'><o:p></o:p></span></p><p><span style='font-family:"Calibri",sans-serif;color:black'><o:p> </o:p></span></p><div id=Signature><div id=divtagdefaultwrapper><p><span style='font-family:"Calibri",sans-serif;color:black'><o:p> </o:p></span></p><table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 style='border-collapse:collapse'><tr style='height:45.9pt'><td width=156 valign=top style='width:117.0pt;border:none;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:45.9pt'></td><td width=540 valign=top style='width:405.0pt;border:none;border-right:solid white 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:45.9pt'></td></tr></table><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:black'><o:p> </o:p></span></p></div></div></div><div class=MsoNormal align=center style='text-align:center'><hr size=2 width="98%" align=center></div><div id=divRplyFwdMsg><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'> Pdns-users <</span><a href="mailto:pdns-users-bounces@mailman.powerdns.com"><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>pdns-users-bounces@mailman.powerdns.com</span></a><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>> on behalf of Hamed Haghshenas <</span><a href="mailto:haghshenas@chavoosh.com"><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>haghshenas@chavoosh.com</span></a><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>><br><b>Sent:</b> Saturday, July 7, 2018 2:19:16 PM<br><b>To:</b> </span><a href="mailto:pdns-users@mailman.powerdns.com"><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>pdns-users@mailman.powerdns.com</span></a><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'><br><b>Subject:</b> [Pdns-users] PDNS Authoritative Server DDOS Protection</span> <o:p></o:p></p><div><p class=MsoNormal> <o:p></o:p></p></div></div><div><div><p class=xmsonormal><span style='font-family:"Courier New"'>Hi,</span><o:p></o:p></p><p class=xmsonormal><span style='font-family:"Courier New"'> </span><o:p></o:p></p><p class=xmsonormal><span style='font-family:"Courier New"'>I’m using PDNS Authoritative Server 4.1.3, today I see my server not response and error or timeout on resolves .</span><o:p></o:p></p><p class=xmsonormal><span style='font-family:"Courier New"'>When check the server see to many DNS requests from some IPs from Brazil like DDOS attack. To fix errors and timeouts, I block the attacker subnet in my firewall .</span><o:p></o:p></p><p class=xmsonormal><span style='font-family:"Courier New"'> </span><o:p></o:p></p><p class=xmsonormal><span style='font-family:"Courier New"'>Now could you please let me know how protect my server from DOS and DDOS attacks ?</span><o:p></o:p></p><p class=xmsonormal><span style='font-family:"Courier New"'> </span><o:p></o:p></p><p class=xmsonormal><span style='font-family:"Courier New"'>Best Regards,</span><o:p></o:p></p><p class=xmsonormal><span style='font-family:"Courier New"'> </span><o:p></o:p></p><p class=xmsonormal><span style='font-family:"Courier New"'>Hamed Haghshenas</span><o:p></o:p></p><p class=xmsonormal><span style='font-family:"Courier New"'> </span><o:p></o:p></p><p class=xmsonormal> <o:p></o:p></p></div></div><p class=MsoNormal>~~~~~~~~~~~~~~~~~~~~~~~~~~ <br>The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by responding to this email and then delete it from your system. The University is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt. <br>~~~~~~~~~~~~~~~~~~~~~~~~~~ <o:p></o:p></p></div></body></html>