[Pdns-users] DDoS attack with random A requests causes SQL backend overload
Peter van Dijk
peter.van.dijk at powerdns.com
Fri Jul 16 19:21:48 UTC 2021
On Fri, 2021-07-16 at 12:08 +0200, Thomas Mieslinger via Pdns-users
wrote:
> Suggestions from older threads (Klaus Darrilon):
> - Put that zone in a more efficient Backend (he suggested lmdb)
Good idea.
> - Put that zone in a more efficient Software (he suggested nsd) and use
> dnsdist to route the traffic to the alternate Software
Also a good idea.
> Very old suggestion:
> - Use a firewall uint32 match to lock out queries to the attacked zone.
Should work, bit more work to manage.
> Crazy idea:
> - enable DNSSEC on that zone
> - set up pdns recursor or similar and delegate the zone to it
> - pdns-recursor should now be able to efficiently calculate the
> NXDOMAINs based on NSEC/NSEC3 information
Recursor can do that, but it cannot serve the zone to the world. It is
not an Authoritative server.
So, sadly, this suggestion does not work.
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/