how to defense against ddos attack to dns?
Bryan Irvine
sparctacus at gmail.com
Sat Nov 21 05:14:15 UTC 2009
Basically, you have to have a big enough server/cluster of servers, to
absorb an attack.
No real defense from distributed dos.
2009/11/16 MontyRee <chulmin2 at hotmail.com>:
>
> Hello, all.
>
>
> I have operated some dns servers and I'm curious what should I do if
> ddos attck to my dns servers.
>
> So do you know how to defense against dns dddos attack like root server?
>
> Surely, various ddos attack may be occurred.
>
> My idea is..
>
>
> -. filtering 53/udp traffic that the byte is over 512 byte
> -. rate-limit against 53/udp queries
> (but useless if the attack spoof the source ip)
> -. deny recursion
> -. anycast?
>
>
> Is ther any comments or proposal?
>
>
> Thanks in advance.
>
>
>
>
> _________________________________________________________________
> 새로운 Windows 7: 일상 작업을 단순화하세요. 여러분에게 맞는 최상의 PC를 찾으세요.
> http://windows.microsoft.com/shop
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
More information about the bind-users
mailing list