[Pdns-users] Re: Features: ACLs (for AXFR et al), configurable SQL queries

Norbert Sendetzky norbert at linuxnetworks.de
Fri May 5 16:38:08 UTC 2006


On Friday 05 May 2006 18:17, Duane wrote:
> > Never do a task in the DNS server that can be better done by a firewall
> > ;-)
>
> Take for example e164.org, e164.org operates an enum tree which allows
> people to look up SIP URIs against enum.164 numbers and we are currently
> toying around with centralised request counting to prevent brute force
> attacks, but at the same time we will need to keep a white list of
> proxies that will be allowed to do several requests per second...
>
> Ok this isn't an easy problem, we're still scratching our heads, but it
> can be done, but I don't think inside the DNS server is the answer
> either unless there is a whole bunch of extensions to it to allow
> collecting of IP stats as well...

My comment was more specific to Stephane's problem but ...

> But saying a straight out firewall isn't the answer either, especially
> if the servers are spread out over multiple continents...

... nevertheless, I think Linux netfilter with all its modules is a good start 
for your problem even if your servers don't share the access statistics 
worldwide.


Norbert
-- 
OpenPGP public key
http://www.linuxnetworks.de/norbert.pubkey.asc
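
Added example, not part of the original message: one way the netfilter approach discussed above can be expressed, with allowlisted proxies accepted first and every other source limited per IP by the `hashlimit` match. The chain name, rate, burst and addresses are assumptions chosen for illustration, and the counters are local to each server.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset that rate-limits DNS
# queries per source address and exempts an allowlist of proxies.
# Chain name, limits and addresses are illustrative, not from the thread.

# usage: gen_dns_ruleset RATE BURST ALLOWED_IPV4...
gen_dns_ruleset() {
    rate=$1 burst=$2
    [ $# -ge 2 ] || return 1
    shift 2
    num=${rate%%/*} unit=${rate#*/}
    # Validate everything before printing, so a bad argument never
    # yields a partial or injected ruleset.
    case $num in ''|*[!0-9]*) echo "bad rate: $rate" >&2; return 1 ;; esac
    case $unit in second|minute|hour) ;; *) echo "bad rate: $rate" >&2; return 1 ;; esac
    case $burst in ''|*[!0-9]*) echo "bad burst: $burst" >&2; return 1 ;; esac
    for ip in "$@"; do
        case $ip in ''|*[!0-9./]*) echo "bad address: $ip" >&2; return 1 ;; esac
    done

    echo "*filter"
    echo ":DNS_IN - [0:0]"
    # Only UDP queries are counted; hashlimit counts packets, so applying it
    # to TCP would throttle zone transfers packet by packet.
    echo "-A INPUT -p udp --dport 53 -j DNS_IN"
    # Allowlisted proxies are accepted before the limiter is consulted.
    for ip in "$@"; do
        echo "-A DNS_IN -s $ip -j ACCEPT"
    done
    # One bucket per source IP; state is local to this server.
    echo "-A DNS_IN -m hashlimit --hashlimit-name dns_src" \
         "--hashlimit-mode srcip --hashlimit-above $rate" \
         "--hashlimit-burst $burst -j DROP"
    echo "-A DNS_IN -j ACCEPT"
    echo "COMMIT"
}

# Constructed sample: 5 queries/s per source, two RFC 5737 proxy addresses.
# Dry-run as root by piping into: iptables-restore --noflush --test
gen_dns_ruleset 5/second 10 192.0.2.10 198.51.100.7
```

UDP source addresses can be forged, so a per-source limit of this kind bounds what each claimed address can do rather than identifying the sender.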
