limit the number of invalid domain queries

Mark Andrews marka at isc.org
Wed Feb 22 03:34:12 UTC 2023


It sounds like you are the subject of a DoS attack or are being used in a DoS attack against someone else.  Often the IP addresses are forged.  In other cases they come from recursive servers that are also being abused.

You can configure response rate limiting.
https://bind9.readthedocs.io/en/v9_16_9/reference.html?highlight=Response%20rate%20limiting#response-rate-limiting

You can also sign the zone using NSEC which will allow recursive servers that support DNSSEC synthesis to return responses for names that don’t exist without contacting your server as often.  They need to contact you enough to build up the NSEC chain to be able to synthesize the NXDOMAIN response.

> On 22 Feb 2023, at 13:32, Chinhlk <chinhlk.ptit at gmail.com> wrote:
> 
> Hi,
> 
> I have a DNS server using BIND 9.16 software.
> I have a phenomenon where there are many queries from different IPs to the subdomains of cosy.vn (these subdomains do not exist; the domain name cosy.vn is the main domain I am using). These queries cause an overload for my system. I have used an IP blocking solution, but these IPs are many and constantly changing.
> I would like to ask is there a way to configure blocking of queries from those strange IPs to my subdomains?
> 
> Thanks and looking forward to your support.
> 
> Chinhlk

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
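
The two suggestions in the reply above, sketched as a named.conf fragment for BIND 9.16. This is an added example, not configuration from the message or from ISC; the thresholds are assumed starting values to tune against real traffic, and the zone file path is a placeholder.

```conf
// Added example: assumed starting values, not taken from the thread.
options {
    rate-limit {
        // Cap on identical answers per second to one client network.
        responses-per-second 10;

        // Separate, tighter cap for NXDOMAIN answers, which is what
        // queries for nonexistent subdomains produce.
        nxdomains-per-second 5;
        errors-per-second 5;

        // Seconds over which each client network's rate is averaged.
        window 15;

        // Every 2nd rate-limited response is sent truncated (TC=1)
        // instead of dropped, so a genuine resolver behind a forged
        // address can still retry over TCP.
        slip 2;

        // Clients are grouped by network, since sources keep changing.
        ipv4-prefix-length 24;
        ipv6-prefix-length 56;

        // Log what would be limited without dropping anything.
        // Remove this line once the thresholds look right.
        log-only yes;
    };
};

zone "cosy.vn" {
    type primary;
    file "/path/to/cosy.vn.db";    // placeholder path
    // The built-in default policy signs with NSEC (no NSEC3), which is
    // what validating resolvers need to synthesize NXDOMAIN answers.
    dnssec-policy default;
    inline-signing yes;
};
```

Resolvers only synthesize negative answers from a zone they can validate, so the DS record for the new key also has to be published in the parent zone. `named-checkconf` will validate the syntax before a reload.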


