DNS queries limitation by host ?
Ladislav Vobr
lvobr at ies.etisalat.ae
Wed Aug 25 03:18:32 UTC 2004
>>Does anybody know how to configure the firewall so it will not let the
>>random user fill up the recursive-client queue, or how to configure the
>>firewall so it will not let bind flood a random misconfigured
>>destination with its full bandwidth and still provide the service to
>>the rest of the users?
>
>
> Use access-lists on recursive servers (only allow your own hosts),
> have no-recursion on your authoritative servers. Is that what you mean?

Well, I have all these things in place. When I said random user, I meant
a random user from our valid block, which is of course valid to use
recursion. But still, I really don't want him to send 1000 req/sec of
nonsense.

Second, I don't want bind to act like crazy and multiply perfectly valid
traffic (from the end user's perspective) a hundred or two hundred times
in some cases, and flood remote authoritative servers with it.

I admit it is not a piece of cake at all to implement, but this
doesn't make the problem disappear. Maybe it will take some time to
realize that this problem is here already today.

Ladislav