minimize impact of NXDOMAIN queries
Brad Knowles
brad at stop.mail-abuse.org
Fri May 27 14:39:20 UTC 2005
At 9:29 AM +0800 2005-05-27, Joe Shen wrote:
> The phenomon last about 2 hours which generate a step
> in our monitoring graph. I take it a obvious DoS
> attack.
>
> So, is there a way to defense such type of attack?
Before you can do anything about some suspected attack, you need
to collect more information about specifically how it is happening.
In the case of suspected attack of your nameservers, you either need
to turn on query logging, or you need to run network sniffing devices
to piece together what kind of traffic you're seeing and from where.
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the bind-users
mailing list