[Pdns-users] DDos Reflector
Christof Meerwald
cmeerw at cmeerw.org
Mon Jan 19 19:41:40 UTC 2009
Hi,
since about Friday late evening I am seeing lots of pdns errors in my syslog
like:
Not authoritative for '', sending servfail to 76.9.31.42 (recursion was
desired)
Over in comp.protocols.dns.bind there is already some discussion about these
DNS requests (which apparently use a spoofed source IP address).
Is there anything a DNS server/PowerDNS can do to avoid being used as a DDoS
reflector, like rate-limiting SERVFAILs per IP address? What's the general
opinion?
Christof
--
http://cmeerw.org sip:cmeerw at cmeerw.org
mailto:cmeerw at cmeerw.org xmpp:cmeerw at cmeerw.org
More information about the Pdns-users
mailing list