DNS queries limitation by host ?
Jim Reid
jim at rfc1035.com
Wed Aug 18 15:54:26 UTC 2004
>>>>> "Nicolas" == Nicolas LIENARD <nlienard at fr.colt.net> writes:
Nicolas> I d like to know if it s possible to do restrictions by
Nicolas> ip... for instance, to limit 100 requests/sec for a
Nicolas> special host/ip....
Nicolas> Do bind 8 do this ? Bind 9 ?
BIND has no hooks for this sort of thing. Feel free to contribute
code... Rate limiting is probably best handled by a router or
firewall in front of the name server. Perhaps you could do that?
I'd also recommend that you get your customers to reconfigure their
name servers so they resolve stuff for themselves instead of
forwarding queries to your name server. That forwarding server that
sends 1200qps is anti-social and probably broken. It might be helpful
to find out why it's generating so much traffic. Even better would be
putting a stop to that much traffic. :-)
More information about the bind-users
mailing list