Stopping ddos
Richard T.A. Neal
richard at richardneal.com
Tue Aug 2 21:20:27 UTC 2022
>> Any best practices on this?
>>
>> I am running bind 9.11.4
>>
>> thanks
> You could think about adding fail2ban to your server with some custom rules.
> Helped us in a similar situation.
You could also take advantage of BIND's built-in Response Rate Limiting which is explained here:
https://downloads.isc.org/isc/bind9/9.16.31/doc/arm/html/reference.html#response-rate-limiting
I don't recall if BIND 9.11 supports that feature, but even if it does you should really be upgrading to 9.16.31 anyway (the latest Current-Stable, ESV).
Best,
Richard.
More information about the bind-users
mailing list