[Pdns-users] DDos Reflector
Augie Schwer
augie.schwer at gmail.com
Wed Jan 21 22:23:06 UTC 2009
On Mon, Jan 19, 2009 at 11:41 AM, Christof Meerwald <cmeerw at cmeerw.org> wrote:
> Is there anything a DNS server/PowerDNS can do to avoid being used as a DDoS
> reflector, like rate-limiting SERVFAILs per IP address? What's the general
> opinion?
For this particular attack you could set "send-root-referral=no"; that
will make sure PowerDNS does not answer the "dig ns . @ns-server"
query which this attack uses.
--
Augie Schwer - Augie at Schwer.us - http://schwer.us
Key fingerprint = 9815 AE19 AFD1 1FE7 5DEE 2AC3 CB99 2784 27B0 C072
More information about the Pdns-users
mailing list