Overload Denial of Service attack
Kevin Darcy
kcd at chrysler.com
Fri Oct 12 20:56:24 UTC 2007
The Doctor wrote:
> On Thu, Oct 11, 2007 at 06:14:45PM -0400, Kevin Darcy wrote:
>
>> According to the config below, you have no views and no restrictions on
>> recursion. Were these incoming queries being handled *recursively*? That
>> raises security concerns, of course, but putting those concern aside for
>> the moment, from a performance standpoint you can limit this using
>> "recursive-clients".
>>
>
> Example please.
>
>
>> For TCP requests, you have some control in the form of the "tcp-clients"
>> and "tcp-listen-queue" settings.
>>
>
> Examples please.
>
To tell the truth, I've never actually used either of those options in
production; I'm sure you can read documentation just as well as I can.
Use named-checkconf before committing anything to production, if you
have doubts as to whether you got the syntax right.
- Kevin
More information about the bind-users
mailing list