Denial of Service
Barry Margolin
barmar at alum.mit.edu
Sat Feb 24 03:24:59 UTC 2007
In article <ernk1c$1tcf$1 at sf1.isc.org>,
"Nick Allum" <Nick.Allum at rci.rogers.com> wrote:
> Just had a quick question, at the Bind Level, if there was a possible
> Denial of Service coming from only a handful of ip address, would I be
> able just to use an ACL to deny these or will my servers still be
> flooded as it has to process the ACL?
> Of what would be the quickest and easiest way to reduce the effect of
> some type of Denial of Service where I am getting large quantaties of
> requests from the same group of IPS.
As others have pointed out, it would be better to filter them upstream.
Next best might be your OS's packet filtering. But filtering in BIND
would be better than nothing, since it takes less work to check an
against a filter than to actually perform the DNS processing, so the
backlog will be smaller.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
More information about the bind-users
mailing list