[Pdns-users] Re: Features: ACLs (for AXFR et al), configurable SQL queries

Duane duane at e164.org
Fri May 5 16:17:46 UTC 2006

Norbert Sendetzky wrote:

> Never do a task in the DNS server that can be better done by a firewall ;-)

Yes and no...

Take for example e164.org, e164.org operates an enum tree which allows 
people to lookup SIP URIs against enum.164 numbers and we are currently 
toying around with centralised request counting to prevent brute force 
attacks, but at the same time we will need to keep a white list of 
proxies that will be allowed to do several requests per second...

Ok this isn't an easy problem, we're still scratching our heads, but it 
can be done, but I don't think inside the DNS server is the answer 
either unless there is a whole bunch of extensions to it to allow 
collecting of IP stats as well...

But saying a straight out firewall isn't the answer either, especially 
if the servers are spread out over multiple continents...


Best regards,

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e164.arpa is a tax on VoIP

"In the long run the pessimist may be proved right,
     but the optimist has a better time on the trip."

More information about the Pdns-users mailing list