[Pdns-users] DoS with AXFR transfer

Brian Candler b.candler at pobox.com
Sun Dec 22 08:41:28 UTC 2019

On 22/12/2019 08:25, Adrian Kägi wrote:
> What do you recommend? Tune MySQL Server? Add a DoS prevention tool in 
> front like fail2ban?

- Restrict zone transfers by source IP address
- Restrict zone transfers by TSIG signature
- Disable zone transfers entirely, and use native backend replication 
instead (in your case: use MySQL replication)
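
A check for the first and third options above, as an added example that is not part of the original post: it reads pdns.conf text and reports which sources may request AXFR. It assumes the PowerDNS Authoritative Server settings `allow-axfr-ips` and `disable-axfr` (not named in the post) with their documented defaults; the function names and sample configurations are constructed for illustration.

```python
import ipaddress

# Documented PowerDNS Authoritative Server defaults for these two settings.
DEFAULTS = {"allow-axfr-ips": "127.0.0.0/8,::1", "disable-axfr": "no"}

def parse_pdns_conf(text):
    """Return the effective AXFR-related settings from pdns.conf text."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.endswith("+"):  # "setting+=value" appends to the current value
            key = key[:-1].strip()
            value = ",".join(v for v in (settings.get(key, ""), value) if v)
        settings[key] = value
    return settings

def audit_axfr(text):
    """Report whether AXFR is enabled and which networks may request it."""
    s = parse_pdns_conf(text)
    report = {"axfr_enabled": s["disable-axfr"].lower() != "yes",
              "allowed": [], "open_to_any": [], "unparsed": []}
    if not report["axfr_enabled"]:
        return report  # transfers are off; the ACL is irrelevant
    for entry in filter(None, (e.strip() for e in s["allow-axfr-ips"].split(","))):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            report["unparsed"].append(entry)  # needs manual review
            continue
        report["allowed"].append(str(net))
        if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0: any host can pull the zone
            report["open_to_any"].append(str(net))
    return report

# Constructed sample configurations (addresses are documentation ranges).
WEAK = "allow-axfr-ips=0.0.0.0/0,::/0\n"
RESTRICTED = ("# secondaries only\nallow-axfr-ips=192.0.2.53\n"
              "allow-axfr-ips+=2001:db8::53\n")
REPLICATED = "disable-axfr=yes\n"  # backend (e.g. MySQL) replication instead

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("restricted", RESTRICTED),
                       ("replicated", REPLICATED)):
        print(name, audit_axfr(conf))
```

TSIG restrictions are stored per zone rather than in pdns.conf, so this check does not cover the second option.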

