[Pdns-users] DoS with AXFR transfer

Brian Candler b.candler at pobox.com
Sun Dec 22 08:41:28 UTC 2019

Previous message (by thread): [Pdns-users] DoS with AXFR transfer
Next message (by thread): [Pdns-users] pdns cannot handle large pdns notify
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 22/12/2019 08:25, Adrian Kägi wrote:
> What do you recommend? tune MySQL Server? add DoS prevention tool in 
> front like fail2ban?

- Restrict zone transfers by source IP address
- Restrict zone transfers by TSIG signature
- Disable zone transfers entirely, and use native backend replication 
instead (in your case: use mysql replication)

Previous message (by thread): [Pdns-users] DoS with AXFR transfer
Next message (by thread): [Pdns-users] pdns cannot handle large pdns notify
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Pdns-users mailing list