[Pdns-users] Handling packet flood from one client.
Augie Schwer
augie.schwer at gmail.com
Wed Jan 28 19:07:53 UTC 2009
We discussed this on #powerdns a bit as it came up on the
dns-operations list; the conclusion was that dropping the request was
worse because it opened up spoofing attacks. Thanks for the
suggestion though. --Augie
On Tue, Jan 27, 2009 at 3:17 PM, Leen Besselink <leen at wirehub.nl> wrote:
> On Tue, Jan 27, 2009 at 10:00:18AM -0800, Augie Schwer wrote:
>> Obviously; but that's being reactive; I was looking for something more
>> proactive. --Augie
>>
>
> I've not tested it, but I understand the u32 option is available on Debian/Linux for example:
>
> http://www.stupendous.net/archives/2009/01/24/dropping-spurious-nsin-recursive-queries/
>
> That might do what you want.
>
>> 2009/1/27 Jeroen Wunnink <jeroen at easyhosting.nl>:
>> > Just firewall the IP ?
>> >
>> > Augie Schwer wrote:
>> >>
>> >> Does anyone have other solutions?
>> >>
>> >>
>> >>
>> >
>> > --
>> >
>> > Met vriendelijke groet,
>> >
>> > Jeroen Wunnink,
>> > EasyHosting B.V. Systeembeheerder
>> > systeembeheer at easyhosting.nl
>> >
>> > telefoon:+31 (035) 6285455 Postbus 48
>> > fax: +31 (035) 6838242 3755 ZG Eemnes
>> >
>> > http://www.easyhosting.nl
>> > http://www.easycolocate.nl
>> >
>> >
>> >
>>
>>
>>
>> --
>> Augie Schwer - Augie at Schwer.us - http://schwer.us
>> Key fingerprint = 9815 AE19 AFD1 1FE7 5DEE 2AC3 CB99 2784 27B0 C072
>> _______________________________________________
>> Pdns-users mailing list
>> Pdns-users at mailman.powerdns.com
>> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>
--
Augie Schwer - Augie at Schwer.us - http://schwer.us
Key fingerprint = 9815 AE19 AFD1 1FE7 5DEE 2AC3 CB99 2784 27B0 C072
More information about the Pdns-users
mailing list