Anyway to rate-limit incoming DNS requests?[Scanned]
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Mon Sep 15 23:32:08 UTC 2003
> Hi BIND gurus,
> Is there any way to configure BIND to sort of rate limit the number of DNS re
> quests coming in from any particular IP automatically? Say, something like if
> I wanted to set so that any IP from the 10.10.10.0/24 subnet can only do 10
> DNS requests / sec? I've been facing quite a lot of problems lately where som
> e of my users have been hammering my server with hundreds of requests per sec
> ond. Its really irritating to have to blackhole them everynow and then. If BI
> ND can't do this, is there any better solution? Appreciate all the help. Than
> ks.
>
> - Elias -
Use FreeBSD to traffic shape the DNS requests from these machines.
See ipfw.
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users
mailing list