Defense against a client?
Peter Andreev
andreev.peter at gmail.com
Mon Jan 16 10:35:39 UTC 2012
2012/1/16 Tom Schmitt <TomSchmitt at gmx.de>
> Hi,
>
> I have a problem with the load on my Bind. Normally it's fine, but from
> time to time there are clients which causes through a misconfiguration or a
> failed local service (not intentionally) a very high amount of queries.
> After finding and informing the responsible person this problem is mostly
> solved in short time.
>
> One of these cases my DNS server can handle, but sometimes there is more
> than one of these cases at the same time and I have a load problem which
> causing problems for all clients of my DNS servers.
>
> My question:
> Is there any possibility in Bind to give a quoata to a client? e.g. that
> from a given IP no more than houndred queries per second are allowed and
> the rest is to be blackholed.
>
> That way only the client causing the load would have a problem but not all
> other clients.
>
> Is there such a possibility? I found nothing in the documentation. Or are
> there other ways to achive this? How do you guys do this?
>
>
As far as I know there is no way to limit query-rate in BIND. I suppose
firewall should cope with the problem much better.
Tom.
> --
> NEU: FreePhone - 0ct/min Handyspartarif mit Geld-zurück-Garantie!
> Jetzt informieren: http://www.gmx.net/de/go/freephone
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
--
AP
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20120116/0fedcce7/attachment.html>
More information about the bind-users
mailing list