Mitigation of server's load by queries for non-existing domains
Tomas Hozza
thozza at redhat.com
Wed Jan 13 13:35:24 UTC 2016
On 12.01.2016 18:16, Tony Finch wrote:
> Tomas Hozza <thozza at redhat.com> wrote:
>>
>> Recently I was trying to find a mechanism in BIND that could prevent the
>> server from processing a recursive query for non-existing domains.
>
> Have a look at https://www.isc.org/blogs/tldr-resolver-ddos-mitigation/
>
>> I was thinking about using RPZ with QNAME policy trigger, but this
>> applies only to the responses to queries and still makes the server
>> try to resolve it.
>
> RPZ has a "qname-wait-recurse no" option.
This is exactly the thing I was looking for.
Thank you very much!
Tomas
> Tony.
>
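
The following named.conf fragment is an added example, not part of the original thread, showing where the "qname-wait-recurse no" option mentioned above is set. The zone name rpz.example.local, the zone file name, and the blocked name nonexistent.example are assumed placeholders.

```conf
// named.conf fragment (constructed example; all names are placeholders)
options {
    recursion yes;

    response-policy {
        zone "rpz.example.local";
    } qname-wait-recurse no;   // do not wait for recursion before applying QNAME triggers
};

// The policy zone itself is an ordinary zone served locally.
zone "rpz.example.local" {
    type master;
    file "rpz.example.local.db";
    allow-query { none; };     // clients never need to query the policy zone directly
};

// Contents of rpz.example.local.db (placeholder names):
//
//   $TTL 300
//   @                        SOA   localhost. hostmaster.localhost. 1 3600 600 86400 300
//   @                        NS    localhost.
//   nonexistent.example      CNAME .   ; QNAME trigger, NXDOMAIN action
//   *.nonexistent.example    CNAME .   ; same action for every subdomain
```

Running named-checkconf against the configuration file catches syntax errors in the response-policy block before a reload.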